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Abstract 

The recently initiated approach called computability logic is a formal theory of 
interactive computation. It understands computational problems as games played 
by a machine against its environment, and uses logical formalism to describe valid 
principles of computability, with formulas representing computational problems and 
logical operators standing for operations on computational problems. The concept 
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of computability that lies under this approach is a generalization of Church- Turing 
computability from simple, two-step (question/answer, input/output) problems to 
problems of arbitrary degrees of interactivity. Restricting this concept to predicates, 
which are understood as computational problems of zero degree of interactivity, 
yields exactly classical truth. This makes computability logic a generalization and 
t**"* ' refinement of classical logic. 

The foundational paper "Introduction to computability logic" [Annals of Pure and 
Applied Logic 123 (2003), pp. 1-99] was focused on semantics rather than syntax, 
and certain axiomatizability assertions in it were only stated as conjectures. The 
present contribution contains a verification of one of such conjectures: a soundness 
and completeness proof for the deductive system CL3 which axiomatizes the most 
^ ■ basic first-order fragment of computability logic called the finite-depth, elementary- 

base fragment. CL3 is a conservative extention of classical predicate calculus in the 
language which, along with all of the (appropriately generalized) logical operators of 
classical logic, contains propositional connectives and quantifiers representing the so 
called choice operations. The atoms of this language are interpreted as elementary 
problems, i.e. predicates in the standard sense. Among the potential application ar- 
eas for CL3 are the theory of interactive computation, constructive applied theories, 
knowledgebase systems, systems for resource-bound planning and action. 

This paper is self-contained as it reintroduces all relevant definitions as well as 
main motivations. It is meant for a wide audience and does not assume that the 
reader has specialized knowledge in any particular subarea of logic or computer 
science. 

Key words: Computability logic, Interactive computation, Game semantics, 
Linear logic, Constructive logics, Knowledge bases 
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1 Introduction 

The question "What can be computed?" is fundamental to theoretical com- 
puter science. The approach initiated recently in [11], called computability 
logic, is about answering this question in a systematic way using logical for- 
malism, with formulas understood as computational problems and logical op- 
erators as operations on computational problems. 

The collection of operators used in [11] to form the language of computability 
logic can be seen as a non-disjoint union of those of classical, intuitionistic and 
- in a very generous sense — linear logics, with the computational semantics 
of classical operators fully consistent with their standard meaning, and the 
semantics of the intuitionistic-logic and "linear-logic" operators formalizing 
the (so far rather abstract) computability and resource intuitions tradition- 
ally associated with those two logics. This collection captures a set of most 
basic and natural operations on computational problems. But it generally re- 
mains, and will apparently always remain, open to different sorts of interesting 
extensions, depending on particular needs and taste. Some of such extensions 
are outlined in [13]. Due to the fact that the language of computability logic 
has no clear-cut boundaries, every technical result in this area will deal with 
some fragment of that logic rather than the whole logic. The result presented 
in this paper concerns what in [11] was called the finite-depth, elementary-base 
fragment. 

This fragment is axiomatized as a rather unusual type of a deductive sys- 
tem called CL3. It is a conservative extension of classical first-order logic 
in a language obtained by incorporating into the formalism of the latter the 
"additive" and "multiplicative" groups of to what we — with strong reser- 
vations — referred as "linear-logic operators". The main technical result of 
this paper is a proof of soundness and completeness for CL3 with respect to 
computability semantics. A secondary result is a proof of decidability for the 
classical-quantifier-free (yet first-order) fragment of CL3. These proofs are 
given in Part 2. Part 1 is mainly devoted to a relatively brief (re) introduction 
to the relevant fragment and relevant aspects of computability logic, serving 
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the purpose of keeping the paper self-contained both technically and motiva- 
tionally. A more detailed and fundamental introduction to computability logic 
can be found in [11]. A considerably less technical and more compact — yet 
comprehensive and self-contained — overview of computability logic is given 
in [13], reading which is most recommended for the first acquaintance with 
the subject and for a better appreciation of the import of the present results. 
The soundness and completeness of the propositional fragment CL1 of CL3 
has been proven in [12]. 

Traditionally construed computational problems correspond to interfaces in 
transformational programs where the interaction between a system and its 
environment is simple and consists of two steps: querying the system and 
generating an answer. The computational problems that our approach deals 
with are more general in that the underlying interfaces may have arbitrary 
complexity. Such problems and the corresponding computations can be called 
interactive as they model potentially long dialogues between the system and 
the environment. From the technical point of view, computability logic is a 
game logic, because it defines interactive computations as games. There is 
an extensive literature on "game-style" models of computation in theoretical 
computer science: alternating Turing machines, interactive proof systems etc., 
that are typically only interesting in the context of computational complexity. 
Our approach, which is concerned with computability rather than complexity 
and deals with deterministic rather than nondeterministic choices, at present 
is only remotely related to that line of research, and the similarity is more 
terminological than conceptual. From the other, 'games in logic' or 'game 
semantics for linear logic' line, the closest to our present study appears to be 
Blass's work [3], and less so some later studies by Abramsky, Jagadeesan ([1]), 
Hyland, Ong ([6]) and others. See [11] for discussions of how other approaches 
compare with ours. 

There are considerable overlaps between the motivations and philosophies of 
linear (as well as intuitionistic) and computability logics, based on which [11] 
employed some linear-logic terminology. It should be pointed out, however, 
that computability logic is by no means about linear logic. Unlike most of the 
other game semantics approaches, it is not an attempt to use games to con- 
struct good models for Girard's linear logic, Heyting's intuitionistic calculus 
or any other, already given popular syntactic targets. Rather, computability 
logic evolves by the more and only natural scheme 'from semantics to syntax': 
it views games as foundational entities in their own right, and then explores 
the logical principles validated by them. Its semantics, in turn, follows the 
scheme 'from truth to computability'. It starts from the classical concept of 
truth and generalizes it to the more constructive, meaningful and useful con- 
cept of computability. As we are going to see, classical truth is nothing but a 
special case of computability; correspondingly, classical logic is nothing but a 
special fragment of computability logic and of CL3 in particular. 
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The scope of the significance of our study is not limited to logic or theory of 
computing. As we will see later and more convincingly demonstrated in [11] 
and [13], some other application areas include constructive applied theories, 
knowledgebase systems, or resource-bound systems for planning and action. 

PART I 

This part briefly reintroduces the subject and states the main results of the 
paper. 

2 Computational problems 

The concept of computability on which the semantics of our logic is based is 
a natural but nontrivial generalization of Church- Turing computability from 
simple, two-step (question/answer, or input/output) problems to problems 
of arbitrary degrees and forms of interactivity where, in the course of inter- 
action between the machine and the environment, input and output can be 
multiple and interlaced, perhaps taking place throughout the entire process of 
computation rather than just at the beginning (input) and the end (output) 
as this is the case with simple problems. Technically the concept is defined 
in terms of games: an interactive computational problem/task is a game be- 
tween a machine and the environment, where dynamic input steps are called 
environment's moves, and output steps called machine's moves. 

The necessity in having a clear mathematical model of interactive computation 
hardly requires any justification: after all, most tasks that real computers and 
computer networks perform are truly interactive. And this sort of tasks can- 
not always be reduced to simple series of (the well-studied and well-modeled) 
two-step tasks. E.g., interactive tasks involving multiple concurrent subtasks 
naturally generate situations/positions where both parties may have mean- 
ingful actions to take, and it may be up to the player whether to try to 
make a move or wait to see how things evolve, perhaps performing some vital 
computations while waiting and watching. 1 It is unclear whether the steps 
corresponding to such situations should be labeled as 'machine-to-move' or 
'environment-to-move', which makes it impossible to break the whole process 
into consecutive pairs or alternately-labeled steps. 

Standard game-semantical approaches that understand players' strategies as 
functions from positions to moves 2 fail to capture the substance of interac- 

1 See Sections 3 and 15 of [11] for more detailed discussions and examples. 

2 Often some additional restrictions are imposed on this sort of strategies. Say, in 
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tion in full generality, as they essentially try to reduce interactive processes 
to simple chains of quest ion/ answer events. This is so because the 'strat- 
egy=function' approach inherently only works when at every step of the play 
the player who is expected to make a move is uniquely determined. Let us call 
this sort of games strict. Strictness is typically achieved by having what in [2] 
is called procedural rules or equivalent — rules strictly regulating who and 
when should move, the most standard procedural rule being the one according 
to which players should take turns in alternating order. 

One of the main novel and distinguishing features of our games among the 
other concepts of games studied in the logical literature — including the one 
tackled by the author [7] earlier — is the absence of procedural rules, based 
on which our games can be called free. In these games, either player is free to 
make any move at any time. Instead of having procedural rules common for 
all games, each particular game comes with its own what we call structural 
rules. These are rules telling what moves are legal for a given player in a 
given position. Making an illegal move by a player is possible but it results in 
a loss for that player. The difference between procedural and structural rules 
is not just terminological. Unlike the standard procedural rules that allow only 
one player to move (at least move without penalty) in every given situation, 
structural rules can be arbitrarily lenient. In particular, they do not necessarily 
have to satisfy the condition that in every position at most one of the players 
may have legal moves. When, however, this condition still is satisfied, we 
essentially get the above-mentioned strict type of a game: the structural rules 
of such a game can be thought of as procedural rules according to which the 
player that is expected to move in a given non-terminal position is the (now 
uniquely determined) one that has legal moves in that position. Strict games 
are thus special cases of our more general free games. The latters present a 
more adequate and apparently universal modeling tool for interactive tasks. 

Strategies for playing free games can and should no longer be defined as func- 
tions from positions to moves. In the next section we will define them as 
higher-level entities called play machines. 

To define our games formally, we fix several classes of objects and dedicated 
(meta-) variables for them. By placing the common name for objects between 
braces we denote the set of all objects of that type. Say, {variables} stands 
for the set of all variables. These objects are: 

• Variables, with {variables} = {vo, vi, v^}- Letters x,y,z will be used as 
metavariables for variables. 

• Constants, with {constants} = {0,1,2,...}. Letter c will be used as a 
metavariable for constants. 

Abramsky's tradition, strategies only look at the other player's immediately pro- 
ceeding moves. 
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• Terms, with {terms} = {variables} U {constants} . Letter t will be used as 
a metavariable for terms. 

• Valuations, defined as any functions of the type {variables} — > {constants} . 
A metavariable for valuations: e. Each valuation e extends to a function of 
the type {terms} — > {constants} by stipulating that, for every constant c, 
e(c) = c. 

• Moves, defined as any finite strings over the standard keyboard alphabet 
plus the symbol 4k- Metavariables for moves: a, j3. 

• Players, with {players} = {T,_L}. Here and from now on T and _L are 
symbolic names for the machine and the environment, respectively. Letter 
p will range over players, with ->p meaning "p's adversary", i.e. the player 
that is not p. 

• Labeled moves, or lab moves. They are defined as any moves prefixed 
with T or _L, with such a prefix (label) indicating who has made the move. 

• Runs, defined as any (finite or infinite) sequences of labmoves. Metavari- 
ables for runs: T, A. 

• Positions, defined as any finite runs. A metavariable for positions: $. 

Runs and positions will often be delimited with "(" and ")", with () thus 
denoting the empty run. The meaning of an expression such as ($, pa, T) 
must be clear: this is the result of appending to the position <l> the position 
(pa) and then the run T. 

Definition 2.1 A game is a pair A = (Lr A , Wn" 4 ), where: 

• Lr A is a function that sends each valuation e to a set Lrf of runs, such that 
the following two conditions are satisfied: 

(a) A run is in Lrf iff all of its nonempty finite initial segments are in Lr A . 

(b) No run containing the (whatever-labeled) move 4k is in Lr e . 
Elements of Lr A are called legal runs of A with respect to e, and all other 
runs called illegal. In particular, if the last move of the shortest illegal 
initial segment of T is p-labeled, then T is said to be a p-illegal run of A 
with respect to e. 

• Wn is a function of the type {valuations} x {runs} — > {players} such 
that, writing Wn A (r) for Wn A (e,T), the following condition is satisfied: 

(c) If T is a p-illegal run of A with respect to e, then Wnf(r) = -ip. 

To what we earlier referred as "structural rules" are thus represented by the 
Lr component of a game, and we call it the structure of that game. The 
meaning of the Wn component, called the content, is that it tells us who has 
won a given run of the game. When Wnf(r) = p, we say that T is a p-won 
(or won by p) run of A with respect to e. 

Just as predicates (their truth values) in classical logic generally depend on 
how certain variables are interpreted, so do games: both the structure and the 
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content of a game take valuation e as a parameter. We will typically omit this 
parameter when it is irrelevant or clear from the context. 

Meaning by an illegal move a move adding which (with the corresponding 
label) to the given position makes it illegal, condition (a) of Definition 2.1 
corresponds to the intuition that a run is legal iff no illegal moves have been 
made in it. This automatically makes the empty run () a legal run of every 
game. Our selection of the set of moves is very generous, and it is natural and 
technically very convenient to assume that certain moves will never be legal. 
According to condition (b), 6 is such a move. As for condition (c), it tells us 
that an illegal run is always lost by the player who has made the first illegal 
move. 



We say that a game A depends on a variable x iff there are two valuations 
e\ and e 2 that agree on all variables except x such that either Lr^ ^ Lrf 2 or 



Wn£ ^ Wn A 



C'2 ' 



A game A is said to be finitary iff there is a finite set x of variables such 
that, for any two valuations e x and e 2 that agree on all variables from x, we 
have Lr^ = Lrf 2 and Wn^ = Wnf 2 . Otherwise A is infinitary. One can 
easily show that for each finitary game A there is a unique smallest set x that 
satisfies the above condition — in particular, the elements of this x are exactly 
the variables on which A depends. A finitary game that depends on exactly n 
variables is said to be n-ary. 

A constant game means a 0-ary game. There is a natural operation, called 
instantiation, of the type {valuations} x {games} ^{constant games}. The 
result of applying this operation to (e, A) is denoted e[A}. Intuitively, e[A] is 
the constant game obtained from A by fixing the values of all variables to the 
constants assigned to them by e. Formally, game e[A] is defined by stipulating 
that, for any valuation e', Lr^ = Lrf and Wnj 4 ' = Wnjf. This makes e' 
irrelevant, so that it can be omitted and we can just write Lr 6 '^ and Wn 6 '' 4 '. 
For any game A, these two expressions mean the same as ~Lrf and Wnf . 

Games whose Lr component does not depend on the valuation parameter are 
said to be unistructural. Constant games are thus special cases of unistruc- 
tural games where the Wn component does not depend on valuation, either. 
Formally, a game A is unistructural iff, for any two valuations e\ and 
L< = Lr£. 

We say that a game A is finite-depth iff there is a (smallest) integer n, called 
the depth of A, such that, for every valuation e and run T with T G Lrf , the 
length of T does not exceed n. Games of depth are said to be elementary. 
Thus, elementary games are games that have no legal moves: the empty run () 
is the only legal run of such games. This automatically makes all elementary 
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games unistructural. 



Constant elementary games are said to be trivial. Obviously there are exactly 
two trivial games. We denote them by the same symbols T and _L as we use for 
the two players. In particular, T is the (unique) trivial game with Wn T () = T, 
and _L is the (unique) trivial game with Wn^O = _L. 

Let us agree to understand classical predicates — in particular, predicates 
on {0, 1, 2, . . .} — as functions from valuations to {T, _L} rather than, as more 
commonly done, functions from tuples of constants to {T, _L}. Say, x > y is 
the predicate that is true at a valuation e (returns T for it) iff e(x) > e(y). 
This understanding of predicates is technically more convenient, and is also 
slightly more general as it captures infinite-arity predicates along with finite- 
arity ones. 

All elementary games have the same structure, so their trivial Lr component 
can be ignored and each such game identified with its Wn component; further- 
more, by setting the run parameter to its only relevant value () in such games, 
Wn becomes a function of the type {valuations} — > {players}, i.e. exactly 
what we call a predicate. We thus get a natural one-to-one correspondence 
between elementary games and predicates: every predicate p can be thought 
of as the (unique) elementary game A such that Wnf() = T iff p is true at e; 
and vice versa: every elementary game A thought of as the predicate p that is 
true at e iff Wnf () = T. With this correspondence in mind, we will be using 
the terms "predicate" and "elementary game" as synonyms. So, computability 
logic understands each predicate p as a game of zero degree of interactivity, 
(the only legal run () of) which is automatically won by the machine if p is true, 
and lost if p is false. This makes the classical concept of predicates a special 
case of our concept of computational problems; correspondingly, the classical 
concept of truth is going to be a special case of our concept of computability 
- in particular, computability restricted to elementary games. 

The class of games in the above-defined sense is general enough to model 
anything that we would call a (two-player, two-outcome) interactive problem. 
However, it is too general. There are games where the chances of a player 
to succeed essentially depend on the relative speed at which its adversary 
responds and, as it is not clear what particular speed would be natural to 
assume for the environment, we do not want to consider that sort of games 
meaningful computational problems. A simple example would be the game 
where all non-<|k moves are legal and that is won by the player who moves 
first. This is merely a contest of speed. 

Below we define a subclass of games called static. Intuitively, static games are 
games where speed is irrelevant: in order to succeed, only matters what to do 
(strategy) rather than how fast to do (speed). 
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We say that a run A is a p-delay of a run T iff the following two conditions 
are satisfied: 

• for each player p', the subsequence of the p'-labeled moves of A is the same 
as that of T, and 

• for any n, k > 1, if the nth p-labeled move is made later than (is to the 
right of) the kth -ip-labeled move in T, then so is it in A. 

The above means that in A each player has made the same sequence of moves 
as in T, only in A, p might have been acting with some delay. 

Definition 2.2 A game A is said to be static iff, whenever Wnf(r) = p 
and A is a p-delay of T, we have Wnf (A) = p. 

Roughly, in a static game, if a player can succeed when acting fast, it will 
remain equally successful acting the same way but slowly. This releases the 
player from any pressure for time and allows it to select its own pace for the 
game. The following fact is a rather straightforward observation: 

Proposition 2.3 All elementary games are static. 

One of the main theses on which computability logic relies philosophically is 
that the concept of static games is an adequate formal counterpart of our 
intuitive notion of "pure", speed-independent computational problems. See 
Section 4 of [11] for a detailed discussion and examples in support of this 
thesis. 

Now we are ready to formally clarify what we mean by computational prob- 
lems: we use the term "(interactive) computational problem" (or simply 
"problem" ) as a synonym of "static game" . 

As shown in [11] (Proposition 4.8), all strict games are static. But not vice 
versa. The class of static games is substantially more general, and is free of 
the limitations of strict games discussed earlier. The closure of the set of all 
predicates under the game operations that we will define in Section 4 forms a 
natural class of static yet free games. Section 3 of [11] shows an example of a 
natural problem from this class that is impossible to model with strict games. 



3 Computability 

The definitions that we give in this section are semiformal and incomplete. 
All of the omitted technical details are however rather standard and can be 
easily restored by anyone familiar with Turing machines. If necessary, the 
corresponding detailed definitions can be found in Part II of [11]. 
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The central point of our philosophy is to require that agent T be imple- 
mentable as a computer program, with effective and fully determined behavior. 
On the other hand, the behavior (including speed) of agent _L, who represents 
a capricious user or the blind forces of nature, can be arbitrary. This intuition 
is captured by the model of interactive computation where T is formalized as 
what we call HPM. 

An HPM (hard-play machine) 7i is a Turing machine with the capability 
of making moves. At any time, the current position of the game is fully visible 
to this machine, as well as it is fully informed about the valuation with respect 
to which the outcome of the play will be evaluated. This effect is achieved by 
letting the machine have — along with the ordinary read/write work tape - 
two additional read-only tapes: the valuation tape and the run tape. The 
former spells some valuation e by listing constants in the lexicographic order 
of the corresponding variables. Its contents remain unchanged throughout the 
work of the machine. As for the run tape, it serves as a dynamic input, spelling, 
at any time, the current position of the game. Every time one of the players 
makes a move, that move (with the corresponding label) is automatically 
appended to the contents of the run tape. 

As always, the computation proceeds in discrete steps, also called clock cy- 
cles. The technical details about how exactly 7i makes a move a are not very 
interesting, but for clarity let us say that this is done by constructing a in a 
certain section (say, the beginning) of the work tape and then entering one 
of the specially designated states called move states. Thus, H can make at 
most one move per clock cycle. On the other hand, as we noted, there are no 
limitations to the relative speed of the environment, so the latter can make 
any finite number of moves per cycle. We assume that the run tape remains 
stable during a clock cycle and is updated only on a transition from one cy- 
cle to another. Again, there is flexibility in arranging details regarding what 
happens if both of the players make moves "simultaneously" . For clarity, we 
assume that if, during a given cycle, 7i makes a move a and the environment 
makes moves f3i, . . . , (3 n , then the position spelled on the run tape through- 
out the next cycle will be the result of appending (_L/3i, . . . , -L/3„, Tec) to the 
current position. 

A configuration of 7i is defined in the standard way: this is a full description 
of the ("current") state of the machine, the locations of its three scanning 
heads, and the contents of its tapes, with the exception that, in order to make 
finite descriptions of configurations possible, we do not formally include a 
description of the unchanging contents of the valuation tape as a part of con- 
figuration, but rather account for it in our definition of computation branches 
as this will be seen shortly. The initial configuration is the configuration 
where TC is in its initial state and the work and run tapes are empty. A configu- 
ration C is said to be an e-successor of a configuration C iff, when valuation 
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e is spelled on the valuation tape, C can legally follow C in the standard 
(standard for multitape Turing machines) sense, based on the transition func- 
tion of the machine and accounting for the possibility of the above-described 
nondeterministic updates of the contents of the run tape. An e-computation 
branch of H is a sequence of configurations of H where the first configura- 
tion is the initial configuration and every other configuration is an e-successor 
of the previous one. Thus, the set of all e-computation branches captures all 
possible scenarios corresponding to different behaviors by _L. 

Each e-computation branch B of Ti incrementally spells (in the obvious sense) 
some run T on the run tape, which we call the run spelled by B. Then, for 
a game A, we write 7i \= e A ("7Y wins A on e") iff, whenever B is an e- 
computation branch of H and T the run spelled by B, we have Wn e (r) = T. 
And we write H |= A iff H |= e A for every valuation e. The meaning of H |= A 
is that H wins (computes, solves) A. Finally, we write |= A and say that A 
is winnable (computable, solvable) iff there is an HPM H with H |= A. 

The above "hard-play" model of interactive computation seemingly strongly 
favors the environment in that the latter may be arbitrarily faster than the 
machine. What happens if we start limiting the speed of the environment? 
The answer is: nothing as far as computational problems are concerned. The 
model of computation called EPM takes the idea if limiting the speed of 
the environment to the extreme, yet it yields the same class of computable 
problems. 

An EPM (easy-play machine) is defined in the same way as an HPM, 
with the only difference that now the environment can (but is not obligated 
to) make a move only when the machine explicitly allows it to do so, the 
event that we call granting permission. Technically permission is granted 
by entering one of the specially designated states called permission states. 
The only requirement that the machine is expected to satisfy is that, as long 
as the adversary plays legal, the machine should grant permission every once 
in a while; how long that "while" lasts, however, is totally up to the machine. 
This amounts to having full control over the speed of the adversary. 

The above intuition is formalized as follows. We say that an e-computation 
branch B of a given EPM is fair if permission is granted infinitely many times 
in B. A fair EPM is an EPM whose every e-computation branch (for every 
valuation e) is fair. For an EPM £ and valuation e, we write £ \= e A ("£ 
wins A on e") iff, whenever B is an e-computation branch of £ and V the 
run spelled by B, we have: 

• Wnf (T) = T, and 

• B is fair unless T is a _L-illegal run of A with respect to e. 

Just as with HPMs, for an EPM £, £ |= A ("£ wins (computes, solves) 
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A") means that S \= e A for every valuation e. Note that when we deal with 
fair EPMs, the second one of the above two conditions is always satisfied, and 
then the definition of |= e is literally the same as in the case of HPMs. 

Remark 3.1 When trying to show that a given EPM wins a given game, it 
is always perfectly safe to assume that the environment never makes an illegal 
move, for if it does, the machine automatically wins (unless the machine itself 
has made an illegal move earlier, in which case it does not matter what the 
environment did afterwards anyway, so that we may still assume that the 
environment did not make any illegal moves). Making such an assumption 
can often significantly simplify computability proofs. 

The following fact, proven in [11] (Theorem 17.2), establishes equivalence be- 
tween the two models for computational problems: 

Proposition 3.2 For any static game A, the following statements are equiv- 
alent: 

(i) there is an EPM that wins A; 

(ii) there is an HPM that wins A; 

(iii) there is a fair EPM that wins A. 

Moreover, there is an effective procedure that converts any EPM (resp. HPM) 
M. into an HPM (resp. fair EPM) Af such that, for every static game A and 
valuation e, Af \= e A whenever A4 \= e A. 

The philosophical significance of this proposition is that it reinforces the the- 
sis according to which static games are games that allow us to make full 
abstraction from speed. Its technical importance is related to the fact that the 
EPM-model is much more convenient when it comes to describing strategies 
as we will have a chance to see in Part 2, and is a more direct and practical 
formal counterpart of our intuitive notion of what could be called interactive 
algorithm. 

The two models act as natural complements to each other: we can meaningfully 
talk about the (uniquely determined) play between a given HPM and a given 
EPM, while this is impossible if both players are HPMs or both are EPMs. 
This fact will be essentially exploited in our completeness proof for logic CL3, 
where we describe an environment's strategy as an EPM and show that no 
HPM can win the given game against such an EPM. 

Let us agree on the following notation and terminology: 

• For a run T, ->T denotes the result of reversing all labels in T, i.e. changing 
each lab move pa to ->pa. 
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• For a run T and a computation branch B of an HPM or EPM, we say that 
B cospells r iff B spells -.r. 

Intuitively, when a given machine M. plays as _L (rather than T) , then the run 
that is generated by a given computation branch B of M. is the run cospelled 
(rather than spelled) by B, for the moves that M. makes get the label _L, and 
the moves that its adversary makes get the label T. 

The following lemma will be used in our completeness proof for CL3. Its 
second clause assumes some standard encoding for play machines and their 
configurations. 

Lemma 3.3 Let £ be a fair EPM. 

(a) For any HPM Ti and any valuation e, there are a uniquely defined e- 
computation branch Bg of £ and a uniquely defined e- computation branch B^ 
of H — which we respectively call the (£, e, 7i)-branch and the (H,e,£)- 
branch — such that the run spelled by B-^ is the run cospelled by B^. 

(b) Suppose eo, ei,e2, ... are valuations such that the function g defined by 
g(c,i) = e c (vi) is effective. Then there is an effective function which takes (the 
code of) an arbitrary HPM Ti and arbitrary nonnegative integers c, n, and 
returns the (code of the) nth configuration of the (£,e c ,H) -branch. Similarly 
for the (H,e c ,£) -branch. 

When e, Ti, £, B^ are as in clause (a) of the above lemma, we call the run V 
spelled by B n the H vs £ run on e; then, if A is a game with Wn e (r) = T 
(resp. Wn^(r) = _L), we say that H wins (resp. loses) A against £ on e. 

A formal proof of Lemma 3.3 is given in [11] (Lemma 20.4), 3 and we will not 
reproduce it here. Instead, the following intuitive explanation would suffice: 

Assume £ is a fair EPM, Ti is an arbitrary HPM and e an arbitrary valuation. 
The play that we are going to describe is the unique play generated when the 
two machines play against each other, with Ti in the role of T, £ in the role 
of _L, and valuation e spelled on the valuation tapes of both machines. We 
can visualize this play as follows. Most of the time during the play H remains 
inactive (sleeping); it is woken up only when £ enters a permission state, on 
which event Ti makes a (one single) transition to its next computation step 
- that may or may not result in making a move — and goes back to sleep 
that will continue until £ enters a permission state again, and so on. From 
£'s perspective, Ti acts as a patient adversary who makes one or zero move 

3 Clause (b) of our lemma 3.3 is slightly stronger than the official formulation of 
the corresponding clause (c) of Lemma 20.4 of [11]. However, the proof given in [11] 
is just as good for our present strong formulation. 
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only when granted permission, just as the EPM- model assumes. And from 7i's 
perspective, who, like a person under global anesthesia, has no sense of time 
during its sleep and hence can think that the wake-up events that it calls the 
beginning of a clock cycle happen at a constant rate, £ acts as an adversary 
who can make any finite number of moves during a clock cycle (i.e. while TC was 
sleeping), just as the HPM-model assumes. This scenario uniquely determines 
an e-computation branch Bg of S that we call the (£, e, 7i)-branch, and an 
e-computation branch B H of TC that we call the (TC, e, £)-branch. What we 
call the TC vs £ run on e is the run generated in this play. In particular - 
since we let TC play in the role of T - - this is the run spelled by B n . £, who 
plays in the role of _L, sees the same run, only it sees the labels of that run 
in negative colors. That is, B^ cospells rather than spells that run. This is 
exactly what clause (a) of Lemma 3.3 asserts. Now suppose e , e±, e 2 , . . . and g 
are as in clause (b), and e is one of the e c . Then, using g, the contents of any 
initial segment of the valuation tape(s) can be effectively constructed from c. 
Therefore the work of either machine can be effectively traced up to any given 
computation step n, which implies clause (b). 



4 Operations on computational problems 

As noted, computability logic is an approach that uses logical formalism for 
specifying and studying interactive computational problems in a systematic 
way, understanding logical operators as operations on games/problems. It is 
time to define basic operations on games. It should be noted that even though 
our interests are focused on static games, the operations defined in this section 
are equally meaningful for non-static (dynamic) games as well. So, we do not 
restrict the scope of those definitions to static games, and throughout the 
section we let the letters A, B range over any games. Here comes the first 
definition: 

Definition 4.1 Let A be any game, xi,...,x n (n > 0) pairwise distinct 
variables, and ti,...,t n any terms. For any valuation e, let e° denote the 
unique valuation that agrees with e on all variables that are not among 
Xi,...,x n , such that, for each X{ G {x±, . . . , x n }, e°{xj) = e(ti). Then we 
define the game A[xi/t\, . . . , x n /t n ] by stipulating that, for any valuation 
e, Lr^ [xi/tl '-' x " /tnl = Lrfo and Wnf Xl/tl -' Xn/tn] = Wnf D ; in other words, 
e[A[x 1 /t 1 ,...,x n /t n }} =e°[A\. 

This operation, that we call substitution of variables, is a generalization 
of the standard operation of substitution of variables known from classical 
predicate logic. Intuitively, A[x\/t\, . . . , x n /t n ] is the same as A, only with (the 
values of) variables x±, . . . , x n "read as" (the values of) t±, . . . , t n , respectively. 
Each ti here can be either a variable or a constant. Remember from Section 2 
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that when ti is a constant, e(ti) = U. 

Example: If A is the elementary game x x y > z + u, then A[x/z,z/6,u/y] 
would be the game z x y > 6 + y. 

Sometimes it is convenient to fix a certain tuple (x±, . . . ,x n ) of pairwise dis- 
tinct variables for a game A throughout a context and write A in the form 
A(xi, . . . , x n ). We will refer to such a tuple (xi, . . . , x n ) as the attached tu- 
ple of (the given representation of) A. When doing so, we do not necessarily 
mean that A(x±, . . . , x n ) is an n-ary game and/or that x±, . . . , x n are exactly 
the variables on which this game depends. Once A is given with an attached 
tuple (xi, . . . , x n ), we will write A(ti, . . . ,t n ) to mean the same as the more 
clumsy expression A[xi/ti, . . . , x n /t n ]. A similar notational practice is com- 
mon in the literature for predicates. Thus, the above game x x y > z + u 
can be written as A(x,z,u), in which case A(z,6,y) will denote the game 
z x y > 6 + y. 

We have already seen two meanings of symbol -■: one was that of an operation 
on players (Section 2), and one that of an operation on runs (Section 3). Here 
comes the third meaning of it — that of an operation on games: 

Definition 4.2 The negation ->A of a game A is defined by: 

• Lr^ A = {r | e Lif }. 
. w n ; A (r> = -Wn^r>. 

Intuitively, ->A is game A with the roles of the two players switched: T's moves 
or wins become _L's moves or wins, and vice versa. For example, if Chess is the 
game of chess from the point of view of the white player, then -i Chess would 
be the same game from the point of view of the black player. 

The operations A and V produce parallel combinations of games. Playing 
Ai A . . . A A n or Ai V . . . V A n means playing the n games concurrently. Both 
Ai A . . . AA n and A± V . . . V A n have exactly the same structure (legal moves), 
and the only difference is in how the winner is determined: in order to win, 
in the former T needs to win in each of the n components, while in the latter 
winning in one of the components is sufficient. To indicate that a given move 
is made in the ith component, the player should prefix it with the string "i.". 
Any move that does not have one of such prefixes will be considered illegal. 

Here comes the formal definition. In it the notation T 7 means the result of 
removing from T all labeled moves except those of the form p^a {p G {T, _L}), 
and then deleting the prefix "7" in the remaining moves, i.e. changing each 
such pry a to pa. 

Definition 4.3 Let A 1: . . . , A n (n > 2) be any games. 
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The parallel conjunction Ai A . . . A A n of Ai, . . . , A n is defined by: 

• T G Lr^ lA "' Ayln iff every move of T has one of the prefixes "1.", . . . , "n." 
and, for each i G {1, . . . , n}, P' G Lrf\ 

• Whenever T G Lrf lA - AA \ Wnf lA - AA "(r) = T iff, for all % G {l,...,n}, 
Wn^(P-) = T. 

The parallel disjunction A 1 V . . . V A n of Ai, . . . , A n is defined in exactly 
the same way, only with "T" replaced by "_L" . Equivalently, it can be defined 
bjA 1 V...\/A n = def — >(— 'Ax A ... A ~'A n ). 

The other operation from the same group — the parallel implication A — > B 

of games A and B — is defined by A — > 5 = de j V £>. 

Intuitively, A — > is the problem of reducing {consequent) to A (an- 
tecedent). That is, solving A — > 5 means solving S having A as a com- 
putational resource. Generally, computational resources are symmetric to 
computational tasks/problems: what is a problem for one player to solve, is a 
resource for the other player to use, and vice versa. Since in the antecedent of 
A — > B the roles of the players are switched, A becomes a problem for _L to 
solve, and hence a resource that T can use. Thus, our semantics of computa- 
tional problems is, at the same time, a semantics of computational resources. 
As noted before, this offers a materialization of the abstract resource philos- 
ophy associated with linear logic [4]. We will see a couple of examples later 
supporting this claim. More elaborated examples and discussions can be found 
in [11], where, in Section 26, the context of computational resources is further 
extended to informational and physical resources as well. [13] also abounds 
with illustrative examples. 

On an intuitive level, our parallel operations can be related to the corre- 
sponding multiplicative operators of linear logic. The game-semantical ap- 
proach to linear-logic-style connectives is not new in principle, even if it has 
rather stubbornly resisted a complete treatment within natural frameworks. 
What makes our understanding of "multiplicatives" substantially different 
from other ([1,3,6] etc.) interpretations is that they are free, i.e. generate free 
games, even when applied to strict games. As an example, consider the game 
ChessAChess. Assume an agent plays this two-board game over the Internet 
against two independent adversaries — adversary #1 on board #1 and adver- 
sary #2 on board #2 — that, together, form the (one) environment for the 
agent. As we agreed, Chess is the game playing which means playing the game 
of chess white. Hence, in the initial position of Chess A Chess, only the agent 
has legal moves. But once such a move is made, say, on board #1, the picture 
changes. Now both the agent and the environment have legal moves: the agent 
may make another opening move on board #2, while the environment — in 
particular adversary #1 — may make a reply move on board #1. This is a sit- 
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uation where which player 'is to move' is no longer strictly determined, so the 
next player to move will be the one who can or wants to act faster. A strict- 
game approach would impose some additional conditions uniquely determining 
the next player to move. Such conditions would most likely be artificial and 
not quite adequate, for the situation we are trying to model is a concurrent 
play on two boards against two independent adversaries, and we cannot or 
should not expect any coordination between their actions. Most of the com- 
pound tasks we perform in everyday life are free rather than strict, and so are 
most computer communication/interaction protocols. A strict understanding 
of A would essentially mean some sort of an (in a way interspersed but still) 
sequential rather than truly parallel/concurrent combination of tasks, where 
no steps in one component would be allowed to be made until receiving a 
response in the other component, contrary to the very spirit of the idea of 
parallel / distributed computation. 

It is no accident that we use classical symbols for the above operations. As 
this is easy to see, the meanings of these operations, as well as the meanings 
of the so called blind quantifiers V, 3 that will be defined shortly, are exactly 
classical when their scope is restricted to elementary games (in which case 
the compound games generated by these operations also remain elementary). 
This is what makes classical logic just a special fragment of the more general 
and expressive computability logic. Once the scope of the "classical" propo- 
sitional connectives is extended beyond elementary games, however, their be- 
havior starts resembling that of the multiplicative operators of linear logic. 
E.g. the principle A — > A A A generally fails for nonelementary games. Yet, 
this resemblance is rather shallow, and typically disappears as soon as we start 
considering longer and "deeper" formulas. See [11] for more about how com- 
putability logic relates to linear logic. We do not want to go into details of this 
discussion here because, as pointed out in Section 1, this work is everything 
but an attempt to find a justification for linear logic — the popular logic that 
is syntactically so appealing yet lacks a convincing semantics. 

The next group of operations: r~l, l_l, I I and LI that we call choice operations, 
on the other hand, bear resemblance with the additive operators of linear logic. 
Based on their semantics, in more traditional terms they can be characterized 
as constructive versions of conjunction, disjunction, universal quantifier and 
existential quantifier, respectively. 

nxA(a;) is the game where, in the initial position, only _L has legal moves. 
Such a move consists in a choice of one of the elements of the universe of 
discourse. After _L makes a move c G {0, 1, . . .}, the game continues (and the 
winner is determined) according to the rules of A(c). If no initial move is made, 
T is considered the winner as there was no particular (sub)problem specified 
by _L that T failed to solve. A n B is similar, only here the choice is just made 
between "left" ("1") and "right" ("2"). U and U are symmetric to fl and n, 
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with the only difference that now it is T rather than _L who makes an initial 
move/choice. Here is the formal definition: 

Definition 4.4 Let A(x), A 1: . . . , A n (n > 2) be any games. 

The choice conjunction Ai n . . . n A n of A 1: . . . , A n is defined by: 

• Lr^ n - n ^ = {()}U{<±i,A> \ie{l,...,n}, AeLrf}. 

• Wnf in ~ nAn (T} = JL iff T = (±i,A), where ie{l,...,n} and Wnf(A) = 
_L 

The choice disjunction U . . . U A n of Ai, . . . , A n is defined in exactly the 
same way, only with "T" instead of "_L" . Equivalently it can be defined by 

A1U...U4 = def -.(-.Ain...n-.A.)- 

The choice universal quantification l~1a;A(a;) of A(x) is defined by: 

• Lr^W = {()} U {(±c, A) I c is a constant, A G Lrf (c) }. 

• Wn^^^r) = JL iff T = (±c, A), where c is a constant and Wnf (c) (A) = 
_L 

The choice existential quantification U:rA(:r) of A(x) is defined in exactly 
the same way, only with "T" instead of "J_". Equivalently, it can be defined 
by UxA(x) = def -n\lx^A(x). 

A few examples would help. The problem of computing a function / can be 
specified as \~\xUy(f(x) = y). This is a game of depth 2, where the first 
legal move — selecting a particular value k for x — is by _L. Making such a 
move brings the game down to YAy(f{k) = y). The second move — selecting 
a value n for y — is by T, after which the game continues (or rather stops) 
as f(k) = n. The latter is an elementary game won by T iff f(k) really equals 
n. Obviously / is computable in the standard sense iff \~~\x\-\y(f(x) = y) is 
winnable, i.e. computable in our sense. 

Next, the problem of deciding a predicate p(x) would be specified as \~\x(p(x)U 
->p(x)). This is the game where, after _L selects a value k for x, the machine 
should reply by one of the moves 1 or 2; the game will be considered won by 
the machine if p{k) is true and the move 1 was made, or p{k) is false and the 
choice was 2, so that decidability of p(x) means nothing but existence of a 
machine that wins the game \~~\x(p(x) U ->p(x)). 

To get a feel of — > as a problem reduction operation, let us consider reduction 
of the acceptance problem to the halting problem (the example borrowed 
from [11]). The halting problem can be expressed by \~\x\~\y(Halts(x, y) U 
-iHalts(x,y)), where Halts(x,y) is the predicate "Turing machine x halts on 
input y" . Similarly, the acceptance problem can be expressed by the formula 
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\~\x\~\y(Accepts(x, y) U -^Accepts(x,y)), where Accepts(x,y) is the predicate 
"Turing machine x accepts input y" . While the acceptance problem is not 
decidable, it is algorithmically reducible to the halting problem. In particular, 
there is an HPM that wins 

\~\x\~\y(Halts(x,y) U -*Halts(x,y)) — > \~\x\~\y(Accepts(x, y) U -^Accepts(x,y)). 

Here is a strategy for solving this problem: Wait till the environment selects 
values k and n for x and y in the consequent (if such a selection is never 
made, the machine wins). Then specify the same values k and n for x and y 
in the antecedent (where the roles of the machine and the environment are 
switched), and see whether _L responds by 1 or 2 there. If the response is 1, 
simulate machine k on input n until it halts, and select, in the consequent, 
1 or 2 depending on whether the simulation accepted or rejected. And if _L's 
response in the antecedent was 2, then select 2 in the consequent. 

We can see that what the machine did in the above strategy indeed was a 
reduction: it used an (external) solution to the halting problem to solve the 
acceptance problem. There are various natural concepts of reduction, and the 
sort of reduction captured by — >, that we call linear reduction, is most basic 
among them. 

One of the other, well-established, concepts of reduction is mapping reduc- 
tion: A predicate p(x) is said to be mapping reducible to a predicate q(x) iff 
there is an effective function / such that, for any constant c, p(c) is true iff 
q(f(c)) is true. Using A <-> B as an abbreviation for (A — > B) A (B — > A), 
it is not hard to see that mapping reducibility of p(x) to q(x) means nothing 
but winnability of the game V~\x\-\y(p(x) <-> q(y)). 

Notice that while standard approaches only allow us to talk about (a what- 
ever sort of) reducibility as a relation between problems, in our approach 
reduction becomes an operation on problems, with reducibility as a rela- 
tion simply meaning computability of the corresponding combination (such 
as V~\x\-\y(p(x) <-> q(y)) or A — > B) of problems. Similarly for other relations 
or properties such as the property of decidability. The latter becomes the op- 
eration of deciding if we define the problem of deciding a predicate (or any 
computational problem) p(x) as the game \~\x(p(x) U -ip(x)). So, now we can 
meaningfully ask questions such as "Is the linear reduction of the problem of 
deciding p(x) to the problem of deciding q(x) linearly reducible to the mapping 
reduction of p(x) to q{x)T\ This question would be equivalent to whether the 
following problem is (always) computable: 

\lx\Jy(p(x) <r* q(y)) -> (|~la;(g(a;) U ^q{x)) -> V\x(p(x) U -ip(a;))). (1) 
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This problem is indeed computable no matter what particular predicates p(x) 
and q(x) are, which means that mapping reduction is at least as strong as 
linear reduction. Here is a strategy: Wait till _L selects a value k for x in the 
consequent of the consequent of (1). Then specify the same value k for x in 
the antecedent of (1), and wait till _L replies there by selecting a value n for 
y. Then select the same value n for x in the antecedent of the consequent of 
(1). _L will have to respond by 1 or 2 in that component of the game. Repeat 
that very response in the consequent of the consequent of (1), and celebrate 
victory. 

Expression (1) is a legal formula of the language of CL3 which, according to 
our main Theorem 5.9, is sound and complete with respect to computability 
semantics. So, had our ad hoc methods failed to find an answer (and this 
would certainly be the case if we dealt with a more complex problem), the 
existence of a successful algorithmic strategy could have been established by 
showing that (1) is provable in CL3. Moreover, by clause (a) of Theorem 5.9, 
after finding an CL3-proof of (1), we would not only know that an algorithmic 
solution to (1) exists, but we would also be able to constructively obtain such 
a solution from the proof. On the other hand, the fact that linear reduction 
is not as strong as mapping reduction could be established by showing that 
CL3 does not prove 

(T~\x(q(x) U ->q(x)) — > \~~\x(p(x) U — > \~\xlAy(p(x) <-> q(y)). (2) 

This negative fact, too, can be established effectively as, according to Theorem 
5.7, the relevant fragment of CL3 is decidable. Our proof of the completeness 
part of Theorem 5.9 would then offer a way how to construct particular pred- 
icates p(x) and q(x) for which (2) is not computable. 

These few examples must be sufficient to provide insights into the utility of 
computability logic and CL3 in particular for theory of computing: our logic 
offers a convenient tool for asking and answering questions in the above style 
(and beyond) in a systematic way, something that so far has been mostly done 
in an ad hoc manner or has been simply impossible to do. By iterating avail- 
able operators, we can express and explore an infinite variety computational 
problems and relations between them, only few of which may have special 
names established in the literature. 

The next, already mentioned group of operations is what we call "blind quan- 
tifiers": V and 3, with hardly any reasonably close counterparts in linear logic. 
For certain reasons, the operations Vrr and 3a; we only define for games called 
x-unistructural. A game A is said to be x-unistructural (or unistructural 
in x) iff, for any two valuations e\ and €2 that agree on all variables except per- 
haps x, we have Lr^ = Lr^. Intuitively, this is a game whose structure does 
not depend on x. In fact whether we impose the x-unistructurality condition 
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or not is irrelevant in our present case because this condition is automatically 
satisfied anyway: as shown in [11], all games that can be expressed in the 
language of CL3 are unistructural, and obviously all unistructural games are 
also x-unistructural. 

Definition 4.5 Let x be any variable and A(x) any x-unistructural game. 
The blind universal quantification \/xA(x) of A(x) is defined by: 

• Lr V:Ej4(:E) = Lr A( - x \ 

• Wn^ i(l) (r) = T iff, for every constant c, Wnf (c) (r) = T. 

The blind existential quantification 3xA(x) of A(x) is defined in exactly 
the same way, only with "_L" instead of "T". Equivalently, it can be defined 
by 3xA(x) = def -Wx^A(x). 

The meaning of \/xA(x) is similar to that of \~\xA(x), with the difference that 
_L does not make a move specifying a particular value of x, so that T has 
to play blindly in a way that would be successful for any possible value of 
x. Alternatively, ^xA(x) can be thought of as the version of r~la;A(:r) where 
the particular value of x selected by _L remains invisible to T. This way, 
V and 3 produce games with imperfect information. Compare the problems 
V~\x(Even(x) U Odd(x)) and \/x(Even(x) U Odd(x)). The former is an easy-to- 
compute problem of depth 2, while the latter is an incomputable problem of 
depth 1 with only by the machine to make a move — select the true disjunct, 
which is hardly possible to do as the value of x remains unspecified. Some 
problems that depend on x can be however solved having only partial infor- 
mation on x. For example, in order to tell whether x is even or odd, we do 
not really need to read the whole (decimal representation of) x — it would 
be sufficient to look at its last digit, i.e. know the value of (iMod 10). Thus, 
the problem \/x(lAy(y = (a; Mod 10)) — > (Even(x) U Odd(x))^j is computable, 
which is a more informative statement than if we had stated computability of 
the same problem with l~1 instead of V. As noted a while ago, the meanings 
of V and 3 are exactly classical when applied to elementary games, which 
explains why we use the classical notation for them. 

Another important group of operations comprises recurrence operations. 
They come in different flavors (see [13]), perhaps the most interesting of which 
is what is called branching recurrence 4 d>. Intuitively as a resource, 
is A that can be reused an arbitrary number of times. The same is true for 
the other sorts of recurrences, but there are several natural understandings 
of reusage, with i corresponding to the strongest form of it and the other 
recurrence operations corresponding to weaker concepts of reusage/recycling 
(and it is not clear which of the recurrence operations best corresponds to what 

4 In [11] this operation is called branching conjunction and is denoted by !. 
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the exponential operator ! of linear logic was meant to capture). The operation 
o— , called weak reduction, 5 is defined by Ao— B = — > B. This operation 
formalizes our weakest possible intuitive concept of reduction. The difference 
between — > and o— as reduction operations is that while in the former every 
act of resource (antecedent) consumption is strictly accounted for, the latter 
allows uncontrolled usage of resources. One of the conjectures stated in [11] is 
that we get exactly intuitionistic calculus when the intuitionistic implication 
is understood as o— and the other intuitionistic operators understood as the 
corresponding choice operations. Recurrence operators and weak reduction 
are not in the logical vocabulary of CL3, and hence we do not give formal 
definitions for them. Such definitions can be found in [11] and [13]. 

According to Theorem 14.1 of [11], all of the operations that we discussed in 
this section preserve the static and unistructural properties of games. Tak- 
ing into account that predicates as elementary games are static (Proposition 
2.3) and obviously unistructural, their closure under those operations forms a 
natural class of unistructural computational problems. All of those operations 
except i and o— also preserve the finite-depth property. Hence the closure 
of the set of all elementary problems under substitution of variables, A, V, 
— >, V, 3, U, l~l and U forms a natural class of finite-depth, unistructural 
computational problems. As we are going to see, this is exactly the class of 
problems expressible in the language of CL3. Finally, as already noted more 
than once, the operations A, V, — >, V, 3 preserve the elementary property 
of games: they send predicates to predicates; and, when restricted to predi- 
cates, they coincide with the same-name classical operations. Of course, the 
same applies to the operation of substitution of variables, as well as the trivial 
games _L and T that can be understood as 0-ary operations on games. 

One more game operation that we are going to look at is that of prefixation, 
which is somewhat reminiscent of the modal operator(s) of dynamic logic. 
This operation takes two arguments: a game A and a position $ that must be 
what we call a unilegal position of A (otherwise the operation is undefined). 
T is said to be a unilegal run (position if finite) of a game A iff, for every 
valuation e, T e Lrf . As noted above, all games that we deal with in this 
paper are unistructural, and for such games obviously there is no difference 
between "unilegal" and "legal". 

Definition 4.6 Assume $ is a unilegal position of a game A. The $-prefixation 

of A, denoted (<&)A, is defined as follows: 

• Lif> A = {T| ($,r> ELrf}. 

• Wnf )A (r> = Wn^($,r>. 



5 [11] uses the symbol =>- for this operation. 
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Intuitively, (&)A is the game playing which means playing A starting (con- 
tinuing) from position $. That is, (<&)A is the game to which A evolves (is 
"brought down") after the (lab)moves of $ have been made. We have already 
used this intuition when explaining the meaning of the choice operations. E.g., 
we said that after _L makes an initial move c, the game ria^rr) continues as 
A(c). What this meant was nothing but that (A-c)(Y~\xA(x)) = A(c). The 
following proposition summarizes this sort of a characterization of the choice 
operations, and extends it to the other operations, too. It tells us what the 
legal initial moves for a given game are, and to what game that game evolves 
after such a (uni)legal move is made. 

Proposition 4.7 In each of the following clauses, e is any valuation, p either 
player, and a,j3 any moves; in each subclause (b), the game on the left of the 
equation is assumed to be defined, i G {1, . . . , n} and c G {0, 1,2,...}. 

(1) (a) (pa) G Lr^ 4 iff (—ipa) G Lrf / 
(b) (pa)^A = ^({-npa)A). 

(2) (a) (pa)<E~Lr AlA - /sAn iffa = i.[3, where i G {1, . . . , n) and (p(3) G Lrf 1 ; 
(b) (pi.p)(A 1 A ... A An) = Ax A ... A A^ A (p(3)Ai A A i+1 A ... A A n . 

(3) (a) (pa)eLr AlV - vAn iffa = i./3, where i G {1, ... ,n} and (pf3) G Lrf 1 / 
(b) (pi.p)(A 1 V ... V An) = A 1 V ... V A,^ V (pp)Ai V A l+l V . . . V A n . 

i — \ and (^p[3) G Lrf , or 

(4) (a) (pa)GLr e ~ + iff a — i. (3, where I 

i = 2 and (pfi) G Lrf ; 

(pl.[3)(A^B) = (^p(3)A^B; 

(p2.p)(A^B) = A^(pP)B. 

(5) (a) (pa) G Lrf in - nAn iff p = JL and a = i G {1, . . . , n}; 

(b) (±i)(A 1 n...nA n ) = A t . 

(6) (a) (pa) G Lrf lU - uAn iff p = T and a = % G {1, . . . , n}; 
(b) (Ti)(A 1 U...UA n ) = A. 

(7) (a) (pa) G Lr^ xA{x) iff p = ± and a = c G {0, 1, 2, . . .}; 
(b) (±c)r\xA(x) = A(c). 

(8) (a) (pa) G Lr^ xA(x) iff p = T and a = c G {0, 1, 2, . . .}; 
(b) (Tc)UxA(x) = A(c). 

(9) (a) (pa>eLr^ iff {pa ) e Lvf^ ; 
(b) (pa)\/xA(x) =\/x(pa)A(x) . 

(10) (a) (pa) G Lrf^W iff (pa) G Lrf^; 
(b) (pa)3xA(x) = 3x(pa)A(x). 

The above fact is known from [11]. Its proof consists in just a routine analysis 
of the relevant definitions. 

Just like this is the case with recurrence operations, the language of CL3 does 
not have any constructs corresponding to prefixation. However, this operation 



(b) 
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will be heavily exploited in our soundness and completeness proof for CL3 
in Part 2. Generally, prefixation is very handy in visualizing a (unilegal) run 
of a given game A. In particular, every (sub)position $ of such a run can be 
represented by, or thought of as, the game ($)A 

Here is an example. Remember game (1). Based on Proposition 4.7, the run 
(±2.2.7, T1.7, ±1.9, T2. 1.9, ±2.1.1, T2.2.1) is a (uni)legal run of that game, 
and to it corresponds the following sequence of games: 

(i) (nx\Jy(p(x) <-> q(y))) -> (l~la;(g(a;) U ^q(x)) -> \lx(p(x) U 
i.e. (>(1); 

(ii) (px\Jy(p(x) <- q(y))) - (ni(?(i) U ^q(x)) -(P(7) U -p(7))), 
i.e. (±2.2.7)(i), i.e. (±2.2.7)(1); 

(iii) (Uy(p(7) <-> -> (rix( g (i) U ^q(x)) ->(p(7) U -p(7))), 
i.e. (T1.7)(ii), i.e. (±2.2.7, T1.7)(l); 

(iv) (p(7) <- g(9)) - (r\x(q(x) U -ng(a;)) -(p(7) U -p(7))), 
i.e. (±1.9)(iii), i.e. (±2.2.7, T1.7, ±1.9)(1); 

(v) (p(7) - 9(9)) - ((?(9) U -^(9)) ->(p(7) U -np(7))), 
i.e. (T2.1.9)(iv), i.e. (±2.2.7, T1.7, ±1.9, T2.1.9)(l); 

(vi) (p(7) <- 9(9)) - (9(9) -(p(7) U -np(7))), 

i.e. (±2.1.1)(v), i.e. (±2.2.7, T1.7, ±1.9, T2. 1.9, ±2.1. 1)(1); 

(vii) (p(7) <- g (9))-(g(9)-p(7)), 

i.e. (T2.2.1)(vi), i.e. (±2.2.7, T1.7, ±1.9, T2. 1.9, ±2.1.1, T2.2.1)(l). 

Player T is the winner because the run hits a true elementary game. In this 
run T has followed the winning strategy that we described for (1) earlier. 

We finish this section by reproducing a fact proven in [11] (Proposition 21.3), 
according to which modus ponens preserves computability, and does so in a 
constructive sense: 

Proposition 4.8 For any computational problems A and B, if \= A and 

\= A ^ B, then \= B. Moreover, there is an effective procedure that converts 
any two HPMs Tii and H.2 into an HPM such that, for any computational 
problems A, B and any valuation e, whenever Hi \= e A and TC2 \= e A — > B , 
we have H3 \= e B. 

A similar closure property was proven in Section 21 of [11] with respect to the 
rules A 1— > \~\xA and A 1— > &A, with V 1— > C here and later meaning "from 
premise(s) V conclude C". 
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5 Logic CL3 



By the classical language we mean the language of pure classical first-order 
logic with individual constants but without equality and functional symbols. 
We assume that the set of terms - - i.e. variables and constants - - of 
this language is the same as the one we fixed in Section 2. As always, each 
predicate letter comes with a fixed arity. An (n-ary non-logical) atom is 
the expression p(t±, . . . ,t n ), where p is an n-ary predicate letter and the ti are 
terms. 

The language of CL3 extends the classical language by adding the operators 
U, I - !, U to its vocabulary. The names that we use for the logical operators 
of the language are the same as for the (same-symbolic-name) game operations 
defined in the previous section. Throughout the rest of this paper by a formula 
we mean a formula of this language. The definition is standard — the set of 
formulas is the smallest set of expressions such that: 

• Non-logical atoms and the logical atoms T and _L are formulas; 

• If Fi, . . . , F n (n > 2) are formulas, then so are ->F 1 , F 1 A. . .AF n , F t V. . . VF n , 
F 1 - F 2 , F 1 n . . . n F n , F 1 U . . . U F n - 

• If F is a formula and x is a variable, then VxF, 3xF, \~\xF, YAxF are 
formulas. 

The definitions of what a free or bound occurrence of a variable means are 
also standard, keeping in mind that now a variable can be bound by any of 
the four quantifiers V, 3, U. Every occurrence of a constant also counts 
as free. By a free variable of a formula F we mean a variable that has free 
occurrences in F. Similarly, the free terms of F are its free variables plus the 
constants occurring in F. As known, classical validity of a formula of the 
classical language that contains constants means the same as validity of the 
same formula with its constants understood as free variables. So, for a reader 
more used to the version of classical logic where variables are the only terms, 
it is perfectly safe to think of constants as free variables. 

In the previous section, substitution of variables was defined as an operation 
on games. Here we define a "similar" operation on formulas called substitu- 
tion of terms. Suppose F is a formula, t\, . . . , t n are pairwise distinct terms, 
and t[, . . . , t' n are any terms. Then F[ti/t[, . . . , t n /t' n ] stands for the result of 
simultaneously substituting in F all free occurrences of ti, . . . , t n by t[, . . . , t' n , 
respectively. 

In concordance with a similar notational practice established in Section 4 
for games, sometimes we represent a formula F as F(t\, . . . ,t n ) where the ti 
are pairwise distinct terms. In the context defined by such a representation, 
F(t[, . . . , t' n ) will mean the same as F[ti/t[, . . . , t n /t' n ]. Our disambiguating 
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convention is that the context is set by the expression that was used earlier. 
That is, when we first mention F{t±, . . . ,t n ) and only after that use the ex- 
pression F(t[, . . . ,t' n ), the latter should be understood as F[t 1 /t' 1 , . . . ,t n /t' n ] 
rather than the former understood as F[t[/ti, . . . ,t' n /t n ]. It should be noted 
that, when representing F as F(ti, . . . ,t n ), we do not necessarily mean that 
t±, . . . ,t n are exactly the free terms of F. 

An interpretation is a function * that sends each n-ary predicate letter p to 
an elementary game p* = A(x±, . . . , x n ) with an attached n-tuple of (pairwise 
distinct) variables. This assignment extends to formulas by commuting with 
all operations. That is: Where p and A(xi, . . . , x n ) are as above and t±, . . . , t n 
are any terms, (p(t u . . . , t n ))* = A(t u . . . , t n ); i_* = !_; (-.F)* = -.(F*); 
(Fi n . . . n F k )* = F? n . . . n F fc *; (V:rF)* = V:r(F*); etc. For a predicate letter 
p, we will say " * interprets p as A" to mean that p* = A. Similarly, for a 
formula F, if F* = A, we say that * interprets F as A. 

For a formula F, an interpretation * is said to be F-admissible iff, for any 
n-ary predicate letter p, the game A(xi, . . . , x n ^ cissi gned to p by * does not 
depend on any variables that are not among x±, . . . ,x n but occur in F. We 
need this condition to avoid possible collisions of variables. 

Definition 5.1 A formula F is said to be valid iff \= F* for every F-admissible 
interpretation *. 

To axiomatize the set of valid formulas, we need some technical preliminaries. 
Understanding F — > G as an abbreviation for -F V G, a positive (resp. 
negative) occurrence of a subformula is one that is in the scope of an 
even (resp. odd) number of occurrences of A surface occurrence of a 
subformula is an occurrence that is not in the scope of any choice operators. 
A formula not containing choice operators — i.e. a formula of the classical 
language — is said to be elementary. The elementarization of a formula 
F is the result of replacing in F all surface occurrences of subformulas of the 
form G\ U . . . U G n or YAxG by _L and all surface occurrences of subformulas 
of the form Gi n . . . n G n or \~\xG by T. A formula is said to be stable iff its 
elementarization is classically valid. Otherwise it is instable. 

Definition 5.2 Logic CL3 is given by the following rules: 

— » — * 

A. H i— > F, where F is stable and H is a set of formulas satisfying the 
following conditions: 

(i) Whenever F has a positive (resp. negative) surface occurrence of a sub- 
formula G± n . . . n G n (resp. G\ U . . . U G n ), for each % e {l,...,n}, H 
contains the result of replacing that occurrence in F by Gf, 

(ii) Whenever F has a positive (resp. negative) surface occurrence of a 
subformula V~\xG(x) (resp. UxG^x)), F? contains the result of replacing 
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that occurrence in F by G{y) for some variable y not occurring in F. 
Bl. F' i — y F, where F' is the result of replacing in F a negative (resp. 
positive) surface occurrence of a subformula G\\l. . .\lG n (resp. GiU. . .UG n ) 
by Gi for some % G {1, . . . , n}. 

B2. F' i— > F, where F' is the result of replacing in F a negative (resp. 
positive) surface occurrence of a subformula \~\xG{x) (resp. YAxG{x)) by 
G(t) for some term t such that (if t is a variable) neither the above occurrence 
of V~\xG(x) (resp. YAxG{x)) in F nor any of the free occurrences of x in G 
are in the scope of Vt, 3i, I It or Lit. 

— * 

Axioms are not explicitly stated, but note that the set H of premises of Rule 
A can be empty, in which case the conclusion F of that rule acts as an axiom. 
Even though this may not be immediately obvious, CL3 essentially is a (re- 
fined sort of) Gentzen-style system. Consider, for example, Rule Bl. It is very 
similar to the additive-disjunction- introduction rule of linear logic. The only 
difference is that while linear logic requires that Gi be a V- (multiplicative) 
disjunct of the premise, CL3 allows it to be any positive surface occurrence. 
This is what the calculus of structures [5] calls deep inference, as opposed to 
the shallow inference of linear logic. Natural semantics appear to naturally call 
for this sort of inference. Yet the traditional Gentzen-style axiomatizations for 
classical logic do not use it. To the question "why only shallow inference?" 
classical logic has a simple answer: "because it is sufficient" (for Godel's com- 
pleteness). Linear logic, however, may not have a very good answer to this or 
similar questions. 

In the following examples and exercise, p and q are unary predicate letters. 

Example 5.3 The following is a CL3-proof of \~\x\-ly(p(x) V -*p(y)): 

1. p(z) V ->p(z) (from {} by Rule A); 

2. Uy(p(z) V -p(y)) (from 1 by Rule B2); 

3. r\x\Jy(p(x) V -ip(y)) (from {2} by Rule A). 

Example 5.4 While 3yV 'x{p{x) V ->p(y)) is a classically valid elementary for- 
mula and hence derivable in CL3 by Rule A from the empty set of premises, 
CL3 does not prove its "constructive version" Uy\~\x(p(x) V ~<p(y)). Indeed, 
the latter is instable, so it could only be derived by Rule B2 from the premise 
\~\x(p(x) V ->p(t)) for some term t different from x. Rules Bl or B2 are not 
applicable to \~~\x(p(x) V -ip(t)), so this formula could only be derived by Rule 
A. Then its (single) premise should be p(z) V ->p(t) for some variable z dif- 
ferent from t. But p(z) V ->p(t) is now an instable formula not containing any 
choice operators, so it cannot be derived by any of the rules of CL3. 

Exercise 5.5 With Logic h F (resp. Logic \f F) here and later meaning U F 
is provable (resp. not provable) in Logic" , verify that: 
I. CL3 h \/x p{x) — > Y~\x p(x); 
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2. CL3 \f \~\x p(x) -> Vi p(i); 

3. CL3 proves formula (1) from Section 4; 

4. CL3 does not prove formula (2) from Section 4. 

From the definition of CL3 it is clear that if F is an elementary formula, then 
the only way to prove F in CL3 is to derive it by Rule A from the empty 
set of premises. In particular, this rule will be applicable when F is stable, 
which for an elementary F means nothing but that F is classically valid. And 
vice versa: every classically valid formula is an elementary formula derivable 
in CL3 by Rule A from the empty set of premises. Thus we have: 

Proposition 5.6 The n, U, IH, YA-free fragment of CL3 is exactly classical 
logic. 

This is what we should have expected for, as noted in Section 4, when restricted 
to elementary problems — and elementary formulas are exactly the ones that 
represent such problems — the meanings of all non-choice operators of CL3 
are exactly classical. 

Another natural fragment of CL3 is the one obtained by forbidding the blind 
operators in its language. This is still a first-order logic as it contains the 
constructive quantifiers l~1 and U. So, the following theorem, that will be 
proven later in Section 10, may come as a pleasant surprise: 

Theorem 5.7 The V, 3-free fragment o/CL3 is decidable. 

Of course CL3 in its full language cannot be decidable as it contains classical 
logic. However, taking into account that classical validity and hence stability 
of a formula is recursively enumerable, the following fact can be immediately 
seen from the way CL3 is defined: 

Proposition 5.8 CL3 is recursively enumerable. 

Here comes our main theorem, according to which CL3 precisely describes the 
set of all valid principles of computability. This theorem is just a combination 
of Propositions 8.1 and 9.3 proven in Part 2. 

Theorem 5.9 CL3 h F iff F is valid (any formula F ). Furthermore: 

a) There is an effective procedure that takes an CL3-proof of a formula F and 
constructs an HPM that wins F* for every F -admissible interpretation * . 

b) If CL3 1/ F, then F* is not computable for some F -admissible interpreta- 
tion * that interprets atoms as finitary predicates of arithmetical complexity 6 
A 2 . 

6 See page 48 for an explanation of what "arithmetical complexity A2" means. 
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CL3 is a fragment of the logic FD introduced in [11]. The language of FD 
is more expressive 7 in that it has an additional sort of letters called general 
letters. Unlike our predicate letters (called elementary letters in [11]) that can 
only be interpreted as elementary games, general letters can be interpreted 
as any computational problems. CL3 is obtained from FD by mechanically 
deleting the last two Rules C and D. Those two rules introduce general let- 
ters that are alien to the language we now consider. Once a general letter is 
introduced, it never disappears in any later formulas of an FD-proof. Based 
on this observation, a formula in our present sense is provable in FD iff it is 
provable in CL3, so that FD is a conservative extension of CL3. It was con- 
jectured in [11] (Conjecture 25.4) that FD is sound and complete with respect 
to computability semantics. Our Theorem 5.9 signifies a successful verification 
of that conjecture restricted to the general-letter-free fragment of FD. This 
fragment is called elementary-base as it only has elementary letters, i.e. 
all atoms of it represent elementary problems. The fragment of computability 
logic that FD is conjectured to axiomatize, in turn, is called finite-depth as 
all of its logical operators represent game operations that preserve the finite- 
depth property of games. Hence the fragment of computability logic captured 
by CL3 was called in [11] the finite-depth, elementary-base fragment. 

The language of FD, in turn, is just a fragment of the bigger language intro- 
duced in [11] for computability logic, called the universal language. The latter 
is the extension of the former by adding the operators d>, ? (? = — i<i — ■) and o— 
to it. [13] further augments the official language of computability logic with 
a few other natural operators. Along with the above-mentioned Conjecture 
25.4 regarding the soundness and completeness of FD, there were two other 
major conjectures stated in [11] regarding the universal language: Conjecture 
24.4 and Conjecture 26.2. A positive verification of those two conjectures re- 
stricted to the language of CL3 is also among the immediate consequences of 
our Theorem 5.9. 

When restricted to the language of CL3, Conjecture 24.4 of [11] sounds as 
follows: 

If a formula F is not valid, then F* is not computable for some F -admissible 
interpretation * that interprets every atom as a finitary predicate. 8 

The significance of this conjecture is related to the fact that showing non- 
validity of a given formula by appealing to interpretations that interpret atoms 

7 Ignoring the minor detail that constants were not allowed in FD. 

8 The original formulation of Conjecture 24.4 imposes three more restrictions on the 
problems through which atoms are interpreted: those problems can be chosen to also 
be determined (see [11] for a definition), strict (in the sense that in every position 
at most one of the players has legal moves) and unistructural. These conditions can 
be omitted in our case as they are automatically satisfied for elementary games. 
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as infinitary predicates generally would seriously weaken such a non-validity 
statement. E.g., if game p* depends on infinitely many variables, then p* U -tp* 
may be incomputable just due to the fact that the machine would never be 
able to finish reading all the relevant information from the valuation tape 
necessary to determine whether p* is true or false. On the other hand, once 
we restrict our considerations only to interpretations that interpret atoms 
as finitary predicates, the non-validity statement for p U —up is indeed highly 
informative: the failure to solve p* U ->p* in such a case signifies fundamental 
limitations of algorithmic methods rather than just impossibility to obtain 
all the necessary external information. A positive solution to Conjecture 24.4 
of [11] restricted to the language of CL3 is contained in clause (b) of our 
Theorem 5.9. 

As for Conjecture 26.2, it was about equivalence between validity and another 
version of this notion called uniform validity. If we disabbreviate "|= F*" as 
"3 Tt (Ti \= F*)" (with * ranging over F-admissible interpretations and H 
over HPMs), then validity of F in the sense of Definition 5.1 can be writ- 
ten as "V * 3 TC (TC \= F*)" . Reversing the order of quantification yields the 
following stronger property of uniform validity: 

Definition 5.10 A formula F is said to be uniformly valid iff there is an 
HPM TC such that, for every F-admissible interpretation *, TC \= F*. 

Intuitively, uniform validity means existence of an interpretation-independent 
solution: since no information regarding interpretation * comes as a part of 
input to our play machines, the above HPM TC with \/*(TC \= F*) will have to 

play in some standard, uniform way that would be successful for any possible 

* 

The term "uniform" is borrowed from [1] as this understanding of validity in 
its spirit is close to that in Abramsky and Jagadeesan's tradition. The concepts 
of validity in Lorenzen's [15] tradition, or in the sense of Japaridze [9,10], also 
belong to this category. Common to those uniform- validity-style notions is that 
validity there is not defined as being "always true" (true=winnable) as this is 
the case with the classical understanding of this concept; in those approaches 
the concept of truth is often simply absent, and validity is treated as a basic 
concept in its own rights. As for (simply) validity, it is closer to validities in the 
sense of Blass [3] or Japaridze [7], and presents a direct generalization of the 
corresponding classical concept in that it indeed means being true (winnable) 
in every particular setting. 

Which of our two versions of validity is more interesting depends on the mo- 
tivational standpoint. It is validity rather than uniform validity that tells us 
what can be computed in principle. So, a computability-theoretician would 
focus on validity. Mathematically, non-validity is generally by an order of 
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magnitude more informative — and correspondingly harder to prove — than 
non-uniform- validity. Say, the non- validity of p U -tp, with the above-quoted 
and now successfully verified Conjecture 24.4 of [11] in mind, means existence 
of solvable-in-principle yet algorithmically unsolvable problems — the fact 
that became known to the mankind only as late as in the 20th century. As for 
the non-uniform-validity of p U -tp, it is trivial: of course there is no way to 
choose one of the two disjuncts that would be true for all possible values of p 
because, as the Stone Age intellectuals were probably aware, some p are true 
and some are false. 

On the other hand, it is uniform validity rather than validity that is of interest 
in more applied areas of computer science such as knowledgebase systems (see 
Section 6) or resourcebase and planning systems (see Section 26 of [11] or 
Section 8 of [13]). In such applications we want a logic on which a universal 
problem-solving machine can be based. Such a machine would or should be 
able to solve problems represented by formulas of CL3 without any specific 
knowledge of the meaning of their atoms, i.e. without knowledge of the actual 
interpretation. Remembering what was said about the intuitive meaning of 
uniform validity, this concept is exactly what fits the bill. 

Anyway, the good news, signifying a successful verification of Conjecture 26.2 
of [11] restricted to the language of CL3, is that the two concepts of validity 
yield the same logic. If F is uniformly valid, then it is automatically also valid, 
as uniform validity is stronger than validity. Suppose now F is valid. Then, 
by the completeness part of Theorem 5.9, CL3 h F . But then, according to 
the 'furthermore' clause (a) of the same theorem, F is uniformly valid. Thus, 
where — in accordance to our present convention — "formula" means formula 
of the language of CL3, we have: 

Theorem 5.11 A formula is valid if and only if it is uniformly valid. 

In many contexts, such as the one of the following section, the above theo- 
rem allows us to talk about "the semantics" of CL3 without being specific 
regarding which of the two possible underlying concepts of validity we have in 
mind. 



6 CL3-based applied systems 

As demonstrated in Section 4, the language of CL3 presents a convenient 
formalism for specifying and studying computational problems and relations 
between them. Its axiomatization provides a systematic way to answer not 
only the question 'what can be computed' but — in view of clause (a) of The- 
orem 5.9 — also 'how can be computed'. Our approach brings logic and theory 



31 



of computing closer together, and its general theoretical importance is obvi- 
ous. The property of computability is at least as interesting as the property 
of (classical) truth. Moreover, as we saw, computability is also more general 
than truth: the latter is nothing but the former restricted to formulas of clas- 
sical logic, i.e. elementary formulas. Thus, studying the logic of computability 
makes at least as much sense as studying the logic of truth. The latter - 
classical logic — is well-studied and well-explored. The former, however, has 
never received the treatment it naturally deserves. 

The significance of our study is not limited to the theory of computation or 
pure logic. The fact that CL3 is a conservative extension of classical logic 
makes the former a reasonable and appealing alternative to the latter in every 
aspect of its applications. In particular, there are good reasons to try to base 
applied theories — such as, say, Peano arithmetic — on CL3 instead of just 
classical logic. From axioms of such a theory we would require to be "true" 
in our sense, i.e. represent (under the fixed, "standard" interpretation/model) 
computable problems, and from its rules of inference require to preserve the 
property of computability. One of the particular ways to construct such theo- 
ries is to treat the theorems of CL3 as logical axioms and use modus ponens 
as the only logical rule of inference. 9 All of the non-logical axioms of the old, 
classical-logic-based version of the theory are true elementary formulas and 
hence computable in our sense, so they can be automatically included into the 
new set of non-logical axioms. To those could be added new, more constructive 
and informative axioms that involve choice operators, which would allow us 
to delete some or most of the old axioms that have become no longer indepen- 
dent. A new, computability-preserving inference rule that could be included 
in the CL3-based arithmetic is the constructive rule of induction: 

l~la;(F(a;)->F(a; + l)), F(0) i-> VAxF(x). 

No old information whatsoever would be lost when following this path. On the 
other hand we would get a much more expressive, constructive and computa- 
tionally meaningful theory. All theorems of such a theory would be computable 
problems in our sense. E.g., provability of \~\x\-ly p(x,y) - - as opposed to 
\/x3yp(x, y) — would imply that, for every x, a y with p(x, y) not only exists, 
but can be algorithmically found. Moreover, such an algorithm itself can be 
effectively constructed from a proof of the formula and algorithmic solutions 
(winning HPMs) to the problems represented by the non-logical axioms of the 
theory. This would be guaranteed by clause (a) of theorem 5.9, Proposition 
4.8 and similar facts regarding any additional, non-logical rules of inference if 
such are present, such as the above constructive rule of induction. 

9 One could show that including some other standard logical rules such as quantifi- 
cation rules along with modus ponens generally would not increase the deductive 
power of the theory as long as non-logical axioms are (re)written in a proper manner. 
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Looks like our approach materializes what the constructivists have been calling 
for, yet without unsettling the classically-minded: whatever we could say or 
do by the means that classical logic offered, we can automatically still say and 
do, with the only difference that now many things we can say and do in a 
much more informative and constructive way. Our way of constructivization 
of theories is conservative and hence peaceful. This contrasts with many other 
attempts to constructivize theories, that typically try to replace classical logic 
by weaker logics with "constructive" syntactic features (often in a not very 
clear sense) — such as intuitionistic calculus — yielding loss of information 
and causing the frustration of those who see nothing wrong with the classical 
way of reasoning. 

From the purely logical point of view, it could be especially interesting to study 
applied theories in the V, 3-free sublanguage of the language of CL3. Let us 
use CA to denote the version of arithmetic based on the V, 3-free fragment 
of CL3. Of course, it would be more accurate to use the indefinite article "a" 
instead of "the" here, for we are not very specific about what the axioms of CA 
should be. Let us just say that CA has some "standard" collection of basic 
axioms characterizing =, +, x and the successor function, and includes the 
above constructive rule of induction. For the traditional, classical-logic based 
version of arithmetic we use the standard name PA. Due to the big difference 
between the underlying logics of CA and PA — enough to remember that one 
is decidable and the other is not — CA might have some new and interesting 
features. Could we obtain a reasonably expressive yet decidable theory this 
way? 10 Generally, how strong a theory (whether decidable or not) could we 
get and what would be the fundamental limitations to its deductive power? 
Would CA still be able to numerically represent all decidable predicates and 
functions as PA does? How much of its own metatheory would CA be able to 
formalize? One can show that the property of computability of the problems 
represented by formulas of CA can be expressed in the language of CA, so 
that C A, unlike PA, would be able to talk about its own "truth" . One can also 
show that PA can constructively prove that everything provable in CA is true 
and hence CA is consistent. What are the limitations of the deductive strength 
of CA that make it impossible to reproduce the same proof? If there are none, 
then what happens to Godel's incompleteness theorems in the context of CA? 
How about provability logic in general, which has been so well-studied for PA 
(see [8])? These are a few examples of the many intriguing questions naturally 
arising in this new framework and calling for answers. 



Even if the set of non-logical axioms of C A is chosen finite and the rule of induc- 
tion is not included, the fact that the underlying logic is decidable does not imply 
the decidability of CA itself, for the deduction theorem for CL3-based theories 
would work in a way rather different from how it works for classical-logic-based 
theories. 
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CL3 can as well be of high interest in applied areas of computer science such as 
AI. The point is that the language of CL3, being a specification language for 
computational problems, is, at the same tame, a coherent and comprehensive 
query and knowledge specification language — something that the language of 
classical logic fails to be. Where Age(x, y) is the predicate "Person x is y years 
old" , the knowledge represented by the formula \/x3y Age(x, y) is knowledge 
of the almost tautological fact that all people have their age. However, how to 
express (the stronger) knowledge of every person's actual age, which is more 
likely to be of relevance in a knowledgebase system? In classical logic we cannot 
do this, and this limited expressive power precludes classical logic from serving 
as a satisfactory logic of knowledgebase systems, that all the time deal with the 
necessity to distinguish between just truth and the system's actual ability to 
know/find/tell what is true. Within the framework of traditional approaches, 
classical logic needs to be extended (say, by adding to it epistemic modalities 
and the like) to obtain a more or less suitable logic of knowledgebases. In 
our case, however, the situation is much more nice: there is no need to have 
separate languages and logics for theories on one hand and knowledgebases 
on the other hand: the same logic CL3, with its standard semantics, can be 
successfully used in both cases, without the need to modify/extend/adjust it. 
Back to our example, knowledge of everyone's actual age can be expressed 
by \~\xlAyAge(x, y). Obviously the ability of an agent to solve this problem 
means its ability to correctly tell each person's age. Within the framework of 
computability logic, the concept of the knowledge of an agent can formally 
be defined as the set of the queries that the agent can actually solve. The word 
"query" here is a synonym of what we call "problem" (game), and we prefer 
to use the former in this new context only because it is more common in the 
database and knowledgebase systems lingo. 

Let us look at the query intuitions associated with our game semantics. Every 
formula whose main operator is U or LI can be thought of as a question asked 
by the user (environment). E.g., Male(Dana) U Female(Dana) is the question 
"Is Dana male or female?". Solving this problem, by our semantics for U, 
means correctly telling the gender of Dana. Formulas whose main operator 
is n or I"!, on the other hand, represent questions asked by the system. E.g., 
V~\x(Male(x) U Female(x)) is the question "Whose gender do you want me to 
tell you?". The user's response can be "Dana", which will bring the game 
down to the above user-asked question regarding the gender of Dana. Just 
as we noted when discussing computational problems, the language of CL3 
allows us to form queries of arbitrary complexities and degrees of interactivity. 
Negation turns queries into counterqueries; parallel operators generate parallel 
queries where both the user and the system can have simultaneous questions 
and counterquestions, with — > acting as a query reduction operator; and blind 
quantifiers generate imperfect-information queries. Let us look at 

Vx(L\yAge(x, y) A (Male(x) U Female(x)) -> \JzBestDiet(z, x)) , (3) 
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where BestDiet(z, x) is the predicate u z is the best diet for x" . The ability of 
the knowledgebase system to solve this query means its ability to determine 
the best diet for any person, provided that the system is told that person's age 
and gender — that is, its ability to reduce the 'best diet' problem to the 'age 
and gender' problem. That x is quantified with V rather than l~1 means that 
the system does not need to be told who the person really is. The following is 
a possible legal scenario of interaction over this query. The system is waiting 
till the user specifies, in the antecedent, the age and gender of x (without 
having explicitly specified the value of x). Our semantics automatically makes 
the system successful (winner) if the user fails to respond to either of those 
two counterqueries. Once responses in the antecedent are received, the system 
selects a diet for x. The system has been successful if the diet it selected is 
really the best diet for x as long as the user has told it the true age and gender 
of x. 

Most of the real information systems are interactive, and this makes our logic, 
which is designed to be a logic of interactive tasks, a well-suited formal frame- 
work for them and an appealing alternative to the more traditional frame- 
works. Imagine a medical diagnostics system. What we would like the system 
to do is to tell us, for any patient x, the diagnosis y for x. That is, to solve 
the query for all x \-\yDiagnosis(x,y). If here we understand l for alV as V, 
the problem has no solution: an abstract x cannot be diagnosed even by God. 
With '/or alU understood as the query does have a solution in principle. 
But diagnosing a patient just based on his/her identity would require having 
all the relevant medical information regarding that patient, which in a real 
knowledgebase system is unlikely to be the case. Most likely, the query that 
the system solves would look like \/x(Q(x) — > LAyDiagnosis(x, y)), where Q(x) 
is a (counter) query with questions regarding x's symptoms, blood pressure, 
cholesterol level, reaction to various drugs, etc. (one of such questions could 
be Uz(x = z), effectively turning the main quantifier Va; into \~~\x). Most 
likely Q(x) would not be just a A-conj unction of such questions as this was 
the case with the antecedent of (3), but rather it would have a more complex 
structure, where what questions are asked could depend on the answers that 
the user gave to previous questions, yielding a long dialogue with a series of 
interspersed moves by both parties. 

A more familiar to each of us real-life example is the automated bank account 
information system. You dial the bank-by-phone number to inquire about 
your balance. But the query that the system solves is not really as simple as 
UxMyBalance(x) . If this was the case, then you would be told your balance 
right after dialing the number. Rather, you will have to go through quite a 
dialogue, with all sorts of questions regarding your preferences, account type 
and number, secret PIN or even mother's maiden name. 

The style of the above examples and the terminology employed to explain 
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the associated intuitions are somewhat different from those that we saw in 
Section 4 when discussing computational problems and operations on them, 
or at the beginning of the present section when discussing CL3-based applied 
theories. But notice that the underlying formal semantics remains the same: 
whether we talk about valid principles of computability, constructive applied 
theories, or knowledgebase systems — in each case we deal with the same 
(language of) CL3 with its standard semantics. Using the same logic CL3 in 
all these cases is possible only due to Theorem 5.11 though. The reason for the 
failure of the principle p U ->p in the context of computability theory is that 
the corresponding problem may have no algorithmic solution. That is, p U ->p 
is not valid. The reason for the failure of the same principle in the context 
of knowledgebase systems is much simpler. An intelligent system may fail to 
solve the problem Male(Dana)U^Male(Dana) not because the latter has no 
algorithmic solution (of course it has one), but simply because the system does 
not possess sufficient knowledge to determine Dana's gender. In particular, the 
system with empty non-logical (but perfect logical) knowledge would not be 
able to solve p U —up because it is not uniformly valid. According to Theorem 
5.11, however, validity and uniform validity are equivalent. Hence, the logic of 
computability, which is about what can be computed in principle, is the same 
as the logic of knowledgebase systems, which is about what can be actually 
solved by knowledge-based agents. 

The point to be made here is that our approach brings together applied the- 
ories and knowledgebase systems, traditionally studied by different clans of re- 
searchers with different motivations, visions and methods. Every computability- 
logic-based applied theory automatically is a knowledgebase system, and vice 
versa. Knowledgebase systems can be axiomatized in exactly the same way 
as we would axiomatize arithmetic. The set of non-logical axioms of such 
a system may include atomic formulas representing factual knowledge, such 
as Father(Bob,Jane) ("Bob is Jane's father"); it can include nonatomic ele- 
mentary formulas representing general knowledge, such as ^x(x x (y + 1) = 
(x x y) +x) or vx(3yFather(x,y) — > Male(x)); and it can include nonelemen- 
tary formulas such as r~l:rnyLU(,2 = x x y) or \~\x\-\yAge(x, y), expressing the 
ability of the system to compute the x function or its knowledge of (ability 
to tell) everyone's age. These axioms would represent what can be called the 
explicit knowledge of the system — the basic set of problems/queries that the 
system is able to solve. And the set of theorems of such a system would rep- 
resent its overall — perhaps what can be called implicit — knowledge. Each 
theorem would be a query that the system, with CL3 built into it, is actually 
capable of solving: as we noted when discussing CL3-based applied theories, a 
solution to the problem/query expressed by a formula F can be automatically 
obtained from a proof of F and known solutions to the non-logical axioms. 
Furthermore, one can show that it is not even necessary for the knowledgebase 
system to know actual solutions (winning HPMs) for its axioms. Rather, it 
would suffice to have unlimited access to machines or other knowledgebase 
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systems (external computational/informational resources) that solve 
those axioms. "Unlimited access" here means the possibility to query (play 
against) those resources any finite number of times and perhaps in parallel. 
There is no need for the system to know how exactly those external resources 
do their job as long as they do it right. The system would still be able to dy- 
namically solve any theorem F, even if no longer able to construct an actual 
HPM that solves F. 

Extending the meaning of the term "resource" to physical resources as well, 
computability-logic-based knowledgebase systems can be further generalized 
to resourcebase systems and systems for resource-bound planning and action. 
See Section 26 of [11] for a discussion and illustrations. A more elaborated 
discussion of applied systems based on computability logic is given in Section 
8 of [13]. 

PART 2 

This part can be considered a technical appendix to Part 1. It is exclusively 
devoted to proofs of our two main results: Theorem 5.9 (Sections 7-9) and 
Theorem 5.7 (Section 10). 



7 Preliminaries 

The concept of admissible interpretation can be naturally extended from for- 
mulas to sets of formulas: For a set S of formulas, an S'-admissible interpre- 
tation is an interpretation that is F-admissible for each F G S. To simplify 
things, we will assume throughout the rest of this paper that all the formulas 
we deal with are from some fixed set S, and by "interpretation" we will always 
mean S'-admissible interpretation. 

Reiterating and extending our earlier conventions, in what follows E,F,G, 
H, I, J, K will be exclusively used as a metavariable for formulas, a, f3 for 
moves, *,* for interpretations, x, y, z, s, u, w for variables, a, b, c, d for constants, 
t for terms and e, / for valuations. 

The following lemma, on which our reasoning will often rely implicitly, is just 
a straightforward observation: 

Lemma 7.1 For any formula F(x±, . . . , x n ), the set Lr^* 1 '""'*™^ does not 
depend on e, * or ti, . . . , t n . 

With the above fact in mind and in accordance with our conventions from 



37 



Section 2, we will usually omit the parameter e in the expression Lrf , as well 
as omit "with respect to e" in the phrase "legal run of F* with respect to e" . 
Remember also from Section 2 that e can as well be omitted in the expression 
Wn^ when A is a constant game and hence e is irrelevant. 

Lemma 7.2 Suppose x is a variable occurring in a formula F. Then, for any 
interpretation *, constant c and subformula G of F, (G[x/c])* — G*[x/c]. 

Proof. Assume x occurs in F. Pick an arbitrary interpretation *, constant 
c and subformula G of F. Our goal statement (G[x/c])* = G*[x/c] can be 
proven by induction on the complexity of G. We will only outline the proof 
scheme. Verification of details can be done by a routine analysis of the relevant 
definitions, which we lazily omit and just say something like "it is easy to see 
that..." 

Assume G is an n-ary nonlogical atom p(t\, ...,£„) (the case of logical atoms 
_L, T is trivial). Let p* = A(x±, . . . , x n ). 

First consider the case when x is not among ti,...,t n . Then G[x/c] = G, 
so it would be sufficient to show that G* = G*[x/c]. But indeed, by our 
convention, * is F-admissible; since x occurs in F, according to the definition 
of F-admissible interpretation, either A(x\, . . . ,x n ) does not depend on x, or 
x is among xi, . . . , x n . In either case it can be seen that A(ti, . . . , t n ) does not 
depend on x. Hence A(t± : . . . ,t n )[x/c] = A(t± : . . . ,t n ), i.e. G*[x/c] = G*. 

Next consider the case when x is among t\, . . . , t n . For convenience of visual- 
ization, we may assume that t\ = . . . = ti = x and all tj with i < j < n are 
different from x. Then G[x/c] = p(c, . . . , c, U+i, . . . ,t n ) and hence (G[x/c])* = 
A(c, . • • , c, t i+ i, ...,£„). It is not hard to verify that A(c, t i+ ±, . . . , t n ) = 
A(t\, . . . , t n )[x/c], so that we get (G[x/c])* = G*[x/c\. This competes our proof 
of the basis case of induction. 

For the inductive step, let us consider the case when G = Hi A H 2 as an 
example. The following equation is based on the obvious fact that substitution 
of terms commutes with A: 

m A H 2 )[x/c]Y = (mx/c]) A (H 2 [x/c]))\ (4) 

Next, the operation * also commutes with A, so that we have 
{{H^x/c]) A (H 2 [x/c}))* = mx/c])* A (H 2 [x/c])*. 

By the induction hypothesis, (Hi[x/c\)* = H*[x/c] and (H 2 [x/c\)* = H 2 [x/c], 
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so we have 



mx/c})* A (H 2 [x/c]y = {Hl[x/c\) A (H;[x/c}). 

Since the game operation of substitution of variables obviously commutes with 
A, we have 

mx/c]) A (H*[x/c\) = (H{ A H*)[x/c\. 

Finally, again because * commutes with A, we have 

(H{ A H;)[x/c] = (H, A H 2 )*[x/c\. (5) 

The chain of equations from (4) to (5) yields ((Hi A H 2 )[x/c\)* = (H 1 A 
H 2 )*[x/c], i.e. (G[x/c\)* = G*[x/c\. 

The cases with the other propositional connectives will be handled in a similar 
way, based on the fact that the three operations: *, [x/c] (as an operation on 
formulas) and [x/c] (as an operation on problems) commute with -i, V, — >, n, U 
just as they commute with A. Moreover, those three operations commute with 
Qy as well, where Q is any of the four quantifiers and y is a variable different 
from x, so the case G = QyH with y ^ x can also be handled in a way similar 
to the way we handled the case G = Hi A H 2 . 

The only remaining case is G = QxH (one can see that [x/c] does not commute 
with Qx). Obviously we have (QxH)[x/c] = QxH, so that 

((QxH)[x/c]Y = {QxH)\ (6) 

The operation * commutes with Qx, and therefore 
(QxH)* = Qx(H*). 

Qx(H*) obviously does not depend on x, which easily implies 
Qx(H*) = (Qx(H*))[x/c\. 

Again by the fact that * commutes with Qx, we have 

(Qx(H*))[x/c] = (QxH)*[x/c]. (7) 

The chain of equations from (6) to (7) yields ((QxH)[x / c])* = (QxH)*[x/c], 
i.e. (G[x/c\Y = G*[x/c\. □ 
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By a perfect interpretation we mean an interpretation that interprets any 
n-ary predicate letter p as a fmitary predicate A(xi, . . . ,x n ) that does not 
depend on any variables others than xi, . . . , x n . Every perfect interpretation * 
is nothing but a model in the classical sense (classical model) with domain 
{constants} — the model that interprets each constant c as the element c of the 
domain and interprets each n-ary predicate letter p with p* = A(xi, . . . ,x n ) 
as the predicate A(x±, . . . ,x n ). Such a predicate A(xi, . . . ,x n ) is generally 
< n-ary in our sense but can be thought of as exactly n-ary under the more 
traditional understanding of n-ary predicates as sets of n-tuples of objects 
of the domain (the understanding that we slightly revised in Section 2). By a 
closed formula we mean a formula not containing free occurrences of variables. 

A straightforward induction based on a routine analysis of relevant definitions 
reveals that: 

Lemma 7.3 For any formula F and perfect interpretation * , the game F* (is 
finitary and) does not depend on any variables that do not occur free in F; 
hence, if F is closed, F* is a constant game. 

With the above fact in mind and in accordance with our conventions, as long as 
F is closed and * is perfect, we can always safely omit the valuation parameter 
e in Wnf and simply write Wn F as this is done in Lemma 7.4 below. 

Remembering the observations made in Section 4 about the classical behavior 
of our operations _L, T, -i, A, V, — >, V, 3, we obviously have: 

Lemma 7.4 For any closed elementary formula F and perfect interpretation 
*, Wn F () = T iff F is true in * understood as a classical model. 

Based on the above fact, for a closed elementary formula F and perfect in- 
terpretation *, the phrases "F is true in *" and "Wn r () = T" will be used 
interchangeably. Remember also from Section 2 that, for a predicate A, an- 
other way to say "Wnf() = T" or U A is true at e" is to say u e[A] is true". 

Let * be an arbitrary interpretation and e an arbitrary valuation. The perfect 
interpretation induced by (*, e) is the interpretation * such that, for every 
n-ary predicate letter p with p* = A(x±, . . . , x n ), we have p* = A f (xi, . . . , x n ), 
where A'(xi, . . . , x n ) is the unique game such that, for any tuple ci, . . . , c n 
of constants, A'(ci, . . . , c n ) = e[A(ci, . . . , c„)]. This means nothing but that 
A'(xi, . . . ,x n ) is the predicate such that A'(ci, . . . , c n ) is true (at whatever 
valuation) iff A(ci, . . . ,c n ) is true at e. Note that while A(ci, . . . , c n ) may 
depend on some hidden variables, A'(ci, . . . , c n ) is a constant game. 

For a formula F, we will be using the notation ||F|| for the element arizat ion 
of F. The following two lemmas can be verified by straightforward induction 
on the complexity of F: 
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Lemma 7.5 For any formula F , interpretation * and valuation e, Wnf () = 

wnfir<>. 



Lemma 7.6 Suppose * is the perfect interpretation induced by (*,e), and F 
is a closed elementary 11 formula. Then e[F*] = F*. 

A valuation / is said to be finite iff there is a finite set x of variables such 
that for every variable y ^ x, f(y) — 0. A representation of a finite val- 
uation / is a set {xi/ci, . . . , x n /c n }, where xi,...,x n are pairwise distinct 
variables such that each variable x with f(x) ^ is among xi, . . . , x n , and 
Ci, . . . , c n are constants with f(xi) — c\, . . . , f(x n ) = c n . We will say that such 
a set {xi/ci, . . . , x n /c n } represents /. By abuse of terminology, we will often 
identify a representation of a given finite valuation with that valuation itself. 

Where / is a valuation and F is a formula, f'F will denote the result of 
substituting in F every free occurrence of every variable x by the constant 
f(x). That is, f'F = F[x 1 /f(x 1 ), . . . , x n /f(x n )}, where xi,...,x n are all the 
free variables of F. Thus, f'F is always a closed formula. Generally, we say 
that G is an instance of F iff G = fF for some valuation /. 

We say that a valuation / is F-distinctive iff for any free terms t± and of 
F, as long as t\ ^ t 2 , we have f(ti) ^ /(^)- 

Lemma 7.7 For any formula F, interpretation * , and valuations e and f that 
agree on all free variables of F, we have e[F*] = e[(fF)*]. 

Proof. Assume F, *, e, / are as above. Let x±, . . . , x n be all the free variables 
of F, and let c\ = e{x\) = f(xi), . . . , c n — e(x n ) = f(x n ). Obviously we have 

e[F*] = e[F*[x 1 /c l ,...,x n /c n ]]. (8) 

Observe that F*[x l /c 1 , . . . ,x n /c n } = (. . . ((F*[x 1 /ci\)[x 2 /c 2 \) . . .)[x n /c n \, and 
similarly for "F" instead of "_F*". Therefore, applying Lemma 7.2 n times, we 
get F*[x 1 /c 1 , . . .,x n /c n ] = (F[xi/c u . . . ,x n /c n ])* and hence 

e[F*[x 1 /c 1 ,...,x n /c n }] = e[(F[xi/d,. . . ,x n /c n ])*}. (9) 

But F[xi/ci, . . . , x n /c n ] is nothing but fF, so we have {F[x\/c-i, . . . , x n /c n ])* = 
{f'F)* and hence 

e[(F[x 1 /c 1 ,...,x n /c n ]Y]=e[(fF)*]. (10) 



In fact the lemma holds for any closed formula, but for our purposes the elemen- 
tary case is sufficient. 
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Equations (8), (9) and (10) yield e[F*] = e[(/F)*]. □ 



Now we define a function that, for a formula F and a surface occurrence O 
in F, returns a string a called the F-specification of O, which is said to 
F-specify O. In particular: 

• The occurrence of F in itself is F-specified by the empty string. 

• If F is ->G, VrrG or 3xG, then an occurrence that happens to be in G is 
F-specified by the same string that G-specifies that occurrence. 

• If F is Gi A ... A G n , G\ V . . . V G n or G\ — > G2, then an occurrence that 
happens to be in Gi is F-specified by i.a, where a is the Gj-specification of 
that occurrence. 

Example: The second occurrence of p U q in F = G V (p U q) V — > Ek(G A 
(p U g))) is F-specified by the string "3.2.2.". 

With Lemma 7.2 in mind and based on Proposition 4.7, the following lemma 
can be easily verified by induction on the complexity of F, the routine details 
of which we omit: 

Lemma 7.8 For every formula F , move a and interpretation * : 

(a) (-La) G Lr F iff one of the following two conditions holds: 

(1) a = Pi, where (3 is the F -specification of a positive (resp. negative) 
surface occurrence of a subformula G± n . . . n G n (resp. G1U...U G n ) 
and i G {1, . . . , n}. In this case (±a)F* = H* , where H is the result of 
substituting in F the above occurrence by Gi. 

(2) a = f3c, where f3 is the F- specification of a positive (resp. negative) 
surface occurrence of a subformula V~\xG(x) (resp. UxG(x)) and c G 
{constants}. In this case (±.a)F* = H* , where H is the result of sub- 
stituting in F the above occurrence by G(c). 

(b) (Ta) G Lr iff one of the following two conditions holds: 

(1) a = Pi, where j3 is the F -specification of a negative (resp. positive) 
surface occurrence of a subformula G± n . . . n G n (resp. Gi U . . . U G n ) 
and i G {1, . . . , n}. In this case (Ta)F* = H* , where H is the result of 
substituting in F the above occurrence by Gi. 

(2) a = f3c, where f3 is the F -specification of a negative (resp. positive) 
surface occurrence of a subformula V~\xG(x) (resp. UxG(x)) and c G 
{constants}. In this case (Ta)F* = H* , where H is the result of sub- 
stituting in F the above occurrence by G(c). 
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8 Soundness of CL3 



Proposition 8.1 If CL3 h F ; £/ien F zs va/zd (any formula F). Moreover, 
there is an effective procedure that takes an GL3-proof of a formula F and 
returns an HPM H such that, for all*, H \= F* . 

Proof. Assume CL3 h F. Let us fix a particular CL3-proof of F . We will be 
referring to at as "the proof, and referring to the formulas occurring in the 
proof as "proof formulas" . We assume that this is a sequence (rather than tree) 
of formulas without repetitions, and that every proof formula comes with a 
fixed justification — a record indicating by which rule and from what premises 
the formula was derived. 

It would be sufficient to describe an effective way of constructing an EPM 
£ with 'for all *, £ \= F*\ By Proposition 3.2, such an EPM £ can then be 
effectively converted into an HPM H with 'for all *,H\= F*\ 

We construct the EPM £, that will play in the role of T, as follows. At the 
beginning, this machine creates two records on its work tape: E to hold a 
formula, and / to hold (a representation of) a finite valuation. E is initialized 
to F, and / initialized to {xi/ci, . . . ,x q /c q }, where all the free 

variables of F and, for each 1 < i < q, Ci is the value assigned to Xi by 
the valuation spelled on the valuation tape. After the initialization step, the 
machine follows the algorithm LOOP described below. 

Procedure LOOP: While E is a proof formula, do one of the following, 
depending on which of the three rules was used (last) to derive E in the proof: 

Case of Rule A: Keep granting permission until the adversary makes a move 
a that satisfies the conditions of one of the following two subcases, and then 
act as the corresponding subcase prescribes: 

Subcase (i): a — (3i, where f3 F-specifies a positive (resp. negative) sur- 
face occurrence of a subformula G± n . . . n G n (resp. G± U . . . U G n ) and 
% E {1, . . . , n}. Let H be the result of substituting in F the above occur- 
rence by Gi. Then update F to H , and update / by deleting in it all pairs 
u/d where u is not a free variable of H. 

Subcase (ii): a = [3c, where (3 F-specifies a positive (resp. negative) 
surface occurrence of a subformula V~\xG(x) (resp. YAxG(x)) and c G 
{constants}. Let H be the premise 12 of F that is the result of substituting 



If there are many such premises, select the lexicographically smallest one. The 
presence of more than one such premise, however, signifies that the proof has some 
(easy-to-get-rid-of) redundancies, and we may safely assume that this is not the 
case. 
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in E the above occurrence by G(y), where y does not occur in E. Then 
update E to H, and update / to / U {y/c} (unless x did not really have 
free occurrences in G(x), in which case / should stay the same as it was). 
Case of Rule Bl: Let H be the premise of E in the proof. H is the result of 
substituting, in E, a certain negative (resp. positive) surface occurrence of a 
subformula Gi n . . . n G n (resp. G± U . . . U G n ) by Gi for some i G {1, . . . ,n}. 
Let (3 be the ^-specification of that occurrence. Then make the move f3i, 
update E to H, and update / by deleting in it all pairs u/d where u is not 
a free variable of H. 
Case of Rule B2: Let H be the premise of E in the proof. H is the result of 
substituting, in E, a certain negative (resp. positive) surface occurrence of a 
subformula \~\xG(x) (resp. \-\xG(x)) by G(t) for some term t such that (if t 
is a variable) neither the above occurrence of V~\xG(x) (resp. \AxG{x)) in F 
nor any of the free occurrences of x in G(x) are in the scope of Vt, 3t, I It or 
Lit Let /3 be the .^-specification of the above occurrence of Y~\xG{x) (resp. 
LAxG(x)). Let c = /(£) if £ is either a free variable of E or a constant, 13 
and c = otherwise. Then make the move (3c, update E to H, and — if 
t is a variable — update / to / U {t/c} (unless x did not really have free 
occurrences in G(x), in which case / should stay the same as it was). 



It is obvious that (the description of) £ can be constructed effectively from 
the CL3-proof of F. What we need to do now is to show that £ wins F* for 
every *. In doing so, we will assume that £'s adversary never makes illegal 
moves. By Remark 3.1, making such an assumption is perfectly legitimate. 

Pick an arbitrary interpretation *, an arbitrary valuation e and an arbitrary 
e-computation branch B of £. Fix T as the run spelled by B. Consider the 
work of £ in B. For each % > 1 such that LOOP makes at least i iterations in 
B, let Ei and fa denote the values of the records E and / at the beginning of 
the ith iteration of LOOP, and denote /j-Ej. Thus, E-y — F and, by Lemma 
7.7, e[F*\ = e[K*]. Our goal is to show that B is fair and Wnf*(r) = T, i.e. 
Wnff(r>=T. 

Evidently E i+i is always one of the premises of Ei in the proof, so that LOOP 
is iterated only a finite number of times. For the same reason, the value of 
record E is always a proof formula (incidentally, this means that the while 
condition of LOOP is always satisfied, so that the reason why LOOP is only 
iterated a finite number of times is simply that one of the iterations never 
terminates). Fix I as the number of iterations of LOOP. The Ith iteration 
deals with the case of Rule A, for otherwise there would be a next iteration. 
This implies that 



Ei is stable. (11) 



13 Remember that when t is a constant, f(t) = t. 
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For each i with 1 < i < I, let Gj be the sequence of the moves made by the 
players by the beginning of the ith iteration of LOOP, where the moves made 
by £ are T-labeled and the moves made by its adversary _L-labeled. 

For each i with 1 < i < I, we have Qi G Lr K '^ and (®i)K* = K*. (12) 

This statement can be proven by induction on i. The basis case with i = 1 
is trivial. Now consider an arbitrary i with 1 < i < I. By the induction 
hypothesis, ©j G Lr Xl * and (®i)K* = K*. If the ith iteration of LOOP deals 
with the case of Rule Bl or B2, then exactly one move a is made during 
that iteration, and this move is by the machine, so that ©i+i = (Gj,Ta). A 
simple analysis of the corresponding steps of our algorithm, in conjunction 
with Lemma 7.8(b), can convince us that (Tec) G Lr^* and (Ta)K* = K* +1 . 
With the equalities = (6j, Ta) and K* = (Qi)K* in mind, the former 
then implies Oj+i G Lr Xl and the latter implies {Qi + i)K^ = K* +l . Suppose 
now the ith iteration of LOOP deals with the case of Rule A. Then the machine 
does not make a move. This means that _L makes a move a, for otherwise we 
would have i = I. Our assumption that _L never makes illegal moves here means 
nothing but that (©«, _La) G Lr Xl * and therefore (as K* = (Qi)K^) (±a) G 
hr Ki . Applying Lemma 7.8(a) to the fact that (-La) G Lr Ki and analyzing the 
corresponding steps of our algorithm, it is easy to see that 0«+i = (Oj, -La) 
and (±a)K* = K* +1 . Hence © m G Lr^ 1 * and (<d i+1 )K± = K* +1 . Statement 
(12) is proven. 

r = e,. (13) 

Indeed. Since the /th iteration of LOOP deals with the case of Rule A, S does 
not make any moves during that iteration. We claim that _L does not make 
any moves either, so that run T that is generated in the play is exactly ©2. 
To verify this claim, suppose, for a contradiction, that during the /th iteration 
of LOOP _L makes a move a. As we assume that _L plays legal, we should 
have (0;,_La) G Lr Kl . In view of (12), this means that (-La) G Lr Xi . From 
Lemma 7.8(a), just as this was observed in the proof of (12), it is obvious that 
then a would satisfy the conditions of either Subcase (i) or Subcase (ii), and 
then there would be an (/ + l)th iteration, which, however, is not the case. 
Statement (13) is proven. 

The fact that the last iteration of LOOP deals with the case of Rule A and _L 
does not make any moves during that iteration guarantees that £ will grant 
permission infinitely many times during that iteration, so that branch B is 
fair. Thus, in order to complete our proof of Proposition 8.1, what remains to 
show is that Wnfi(r) = T. 

According to (12), 0^ is a legal position of K\ and (Oz)-ft'i = K*. This implies 
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that Wnfi*(6,) = Wnf*(>. But, by (13), 0* = T. Hence 

Wnfi*<r)=Wnf«*0- ( 14 ) 



Suppose, for a contradiction, that Wnfi(r) ^ T. Then, by (14), Wnf*() ^ 
T, whence, according to Lemma 7.5, Wnf 1 " () 7^ T. Then Lemma 7.6 implies 
that Wn"^'" () 7^ T, where * is the perfect interpretation induced by (*,e). 
That is, \\Ki\\ is false in * understood as a classical model. But this is impossible 
because, by (11), \\Ei\\ is classically valid and hence which is an instance 

of \\Ei\\, is true in all classical models. □ 



9 Completeness of CL3 



Lemma 9.1 Let t be any term, F(t) any formula, and t' any term that does 
not occur in F(t). Then CL3 h F(t) iff CL3 h F(t'). 

Proof. This lemma can be proven by induction on the lengths of CL3- 
derivations. The step corresponding to Rule A will rely on a similar fact 
known from classical logic. The routine details of this induction are left to the 
reader. □ 

In our completeness proof for CL3 we will employ the complementary logic 
CL3', whose language is the same as that of CL3 and which is given by the 
following rules: 

— * — * 

A. H 1— > F, where F is instable and if is a set of formulas satisfying the 
following conditions: 

(i) Whenever F has a negative (resp. positive) surface occurrence of a sub- 
formula Gi n . . . n G n (resp. G\ U . . . U G n ), for each % e {1, . . . , n}, H 
contains the result of replacing that occurrence in F by Gf, 

(ii) Whenever F has a negative (resp. positive) surface occurrence of a 
subformula V~\xG(x) (resp. IAxG(x)), H contains the result of replacing 
that occurrence in F by G(y), where y is a variable that does not occur 
in F. 

(iii) Whenever F has a negative (resp. positive) surface occurrence of a sub- 
formula V~\xG{x) (resp. YAxG(x)) and t is a free term of F, H contains the 
result of replacing in F the above occurrence of V~\xG(x) (resp. IAxG(x)) 
by G(y) and 14 all free occurrences of t by y, where y is a variable that 
does not occur in F. 



"and" = "and replacing in the resulting formula" . 
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Bl. F' I— > F, where F' is the result of replacing in F a positive (resp. 
negative) surface occurrence of a subformula G\\l. . .\lG n (resp. GiU. . .UG n ) 
by Gi for some i e {1, . . . , n}. 

B2. F' i— > F, where F' is the result of replacing in F a positive (resp. 
negative) surface occurrence of a subformula V~\xG(x) (resp. lAxG(x)) by 
G(y), where y is a variable that does not occur in F. 

Lemma 9.2 // CL3 \f F, then CL3' h F (any /ormn/a F ). 

Proof. We prove this lemma by induction on the complexity of F. Assume 
CL3 \f F. There are two cases to consider: 

Case 1: F is stable. Then one of the following two subcases must hold (other- 
wise F would be CL3-derivable by Rule A): 

Subcase 1.1: There is a CL3-unprovable formula H that is the result of re- 
placing in F some positive (resp. negative) surface occurrence of a subformula 
Gi n . . . n G n (resp. G 1 U . . . U G n ) by Gi for some i e {1, . . . , n}. By the 
induction hypothesis CL3' h H, whence, by Rule Bl, CL3' h F. 

Subcase 1.2: There is a CL3- unprovable formula H that is the result of re- 
placing in F some positive (resp. negative) surface occurrence of a subformula 
V~\xG(x) (resp. YAxG{x)) by G(y), where y is a variable that does not occur in 
F. By the induction hypothesis CL3' h H, whence, by Rule B2, CL3' h F. 

— * 

Case 2: F is instable. Let H be a minimal set of formulas satisfying the three 
conditions (i)-(iii) of Rule A of CL3'. We claim that 

None of the elements of H is CL3-provable. (15) 

To show this, consider an arbitrary element H of H . One of the following three 
subcases must hold: 

Subcase 2.1: H is the result of replacing in F a negative (resp. positive) surface 
occurrence of a subformula G\ n . . . n G n (resp. Gi U . . . U G n ) by Gi for some 
1 < % < n. If CL3 h H, then F would be CL3-derivable from H by Rule Bl, 
which is a contradiction. 

Subcase 2.2: H is the result of replacing in F a negative (resp. positive) surface 
occurrence of a subformula V~\xG(x) (resp. \-\xG(x)) by G(y) for some y not 
occurring in F. Just as in the previous subcase, CL3 h H is impossible, for 
otherwise, by Rule B2, we would have CL3 h F. 

Subcase 2.3: H is the result of replacing in F a negative (resp. positive) surface 
occurrence of a subformula V~\xG(x) (resp. YAxG{x)) by G(y) and all free 
occurrences of some term t by y, where y is a variable that does not occur in 
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F. Notice that then F[t/y] follows follows from H by Rule B2 of CL3. So, 
if CL3 h H, then CL3 h F[t/y], and therefore, by Lemma 9.1, CL3 h F. 
Again a contradiction, and (15) is thus proven. 

Applying the induction hypothesis to (15), we conclude that each element of 
H is CL3'-provable, whence, by Rule A, CL3' h F. □ 

Remember that a (finitary) predicate A is said to be of complexity £ 2 iff 
it is ("can be written as") 3y\fzB for some decidable predicate B; and A is 
of complexity A 2 iff both A and ->A are of complexity £ 2 . The rest of this 
section is devoted to a proof of the following proposition: 

Proposition 9.3 7/CL3 \f F, then F is not valid (any formula F). 

In particular, if CL3 1/ F , then F* is not computable for some interpretation 
* that interprets atoms as finitary predicates of complexity A 2 . 

Proof. Assume CL3 \f F. Then, by Lemma 9.2, CL3' h F. Let us fix a CL3 - 
proof for F, call it "the proof and call the formulas occurring in the proof 
"proof formulas" . Our conventions about what a proof means are the same as 
in Section 8. In particular, we assume that the proof has no repetitions: every 
proof formula appears in it exactly once. Based on the proof, we are going to 
construct the fair EPM £ which will be shown to be such that no HPM 7i 
wins F* against £ on e c for an appropriately selected interpretation * (which 
does not depend on 7i) and valuation e c . Our selection of such * and e c will 
be based on a diagonalization-style idea. 

Let us agree for the rest of this section that xi, . . . ,x q are all the (pairwise 
distinct) free variables of F, and that 

Convention 9.3.1 

a) e always means the (arbitrary but fixed) valuation spelled on the valuation 
tape of £; 

b) B always stands for an (arbitrary but fixed) e-computation branch of £ . 

The work of £ consists of three stages, that we call the preinitialization, ini- 
tialization and postinitialization stages. During the preinitialization stage, £ 
checks whether e is F-distinctive (see page 41). If e passes the test for F- 
distinctiveness, £ goes to the initialization stage. Otherwise £ simply goes 
into an infinite loop in a permission state to formally ensure fairness, thus for- 
ever remaining in the preinitialization stage. During the initialization stage, 
£ creates two records: E to hold a formula, and / to hold (a description 
of) a finite valuation. £ initializes E to F and / to {xi/e(x\), . . . ,x q /e(x q )}, 
and goes to the postinitialization stage. During the postinitialization stage, £ 
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simply follows the following procedure: 

Procedure LOOP: While E is a proof formula and / is an ^-distinctive 
valuation, do one of the following, depending on which of the three rules was 
used (last) to derive E in the proof: 

Case of Rule A: Keep granting permission until the adversary makes a move 
a. Then act depending on which of the following four subcases applies: 
Subcase (i): a = /3i, where (3 ^-specifies a negative (resp. positive) sur- 
face occurrence of a subformula G± n . . . n G n (resp. G± U . . . U G n ) and 
% G {1, . . . , n}. Let H be the result of substituting in E the above occur- 
rence by Gi. Then update E to H, and update / by deleting in it all pairs 
x/d such that x is not a free variable of H. 
Subcase (ii): a = (3c, where (3 ^-specifies a negative (resp. positive) 
surface occurrence of a subformula V~\xG(x) (resp. YAxG{x)) and c is a 
constant not occurring in fE. Let H be the premise 15 of E that is the 
result of substituting in E the above occurrence by G(y), where y is a 
variable that does not occur in E. Then update E to H, and update / to 
/ U {y/c} (unless x did not really have free occurrences in G(x), in which 
case / should stay as it was). 
Subcase (iii): a = (3c, where (3 -E-specifies a negative (resp. positive) 
surface occurrence of a subformula \~\xG(x) (resp. lAxG(x)) and c is a 
constant that occurs in fE. Let t be the free term of E with f(t) = c. Let 
H be the premise 16 of E that is the result of substituting in E the above 
occurrence of V~\xG(x) (resp. YAxG(x)) by G(y) and all free occurrences 
of t by y, where y is a variable that does not occur in E. Then update E 
to H; update / to / U {y/c} if t is a constant, and to (/ — {t/c}) U {y/c} 
if t is a variable. 

Subcase (iv): a does not satisfy any of the above conditions (i)-(iii). Then 
go into an infinite loop in a permission state. 

Case of Rule Bl: Let H be the premise of E in the proof. H is the result of 
substituting, in E, a certain positive (resp. negative) surface occurrence of a 
subformula Gi n . . . n G n (resp. G± U . . . U G n ) by Gi for some i G {1, . . . , n}. 
Let P be the ^-specification of that occurrence. Then make the move f3i, 
update E to H, and update / by deleting in it all pairs x/d such that x is 
not a free variable of H . 

Case of Rule B2: Let H be the premise of E in the proof. H is the result 
of substituting, in E, a certain positive (resp. negative) surface occurrence 
of a subformula V~\xG(x) (resp. \AxG{x)) by G(y) for some variable y not 
occurring in F. Let (3 be the E'-specification of that occurrence. Let c be the 
smallest constant not occurring in fE. Then make the move (3c, update E to 

15 As in Section 8, if there are many such premises, select the lexicographically 
smallest one. 

16 Again, select the lexicographically smallest one if there are many such premises. 
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H, and update / to / U {y/c} (unless x did not really have free occurrences 
in G(x), in which case / should stay as it was). 

Lemma 9.3.2 Suppose e is F -distinctive. For each i > 1 such that LOOP 
is iterated at least i times in B, let E^ and /j be the values of E and f at the 
beginning of the ith iteration. Then, for each such i {in clauses (a) -(c)), we 
have: 

(a) Ei is a proof formula. 

(b) fi is an E^- distinctive valuation. 

(c) As long as i > \, E^ is a premise of E^ in the proof. 

(d) LOOP is iterated a finite, nonzero number of times in B. 

(e) Where I is the number of iterations of LOOP in B, Ei is derived by Rule 
A and hence is instable. 

(f) B is a fair branch. 

Proof. Clauses (a)-(c) are obvious from the description of LOOP. Formally 
they can be verified by straightforward induction on %. Note that clauses (a) 
and (b) imply that the while condition of LOOP is always satisfied. 

In view of the assumption of the lemma regarding e, e will pass the test for 
F-distinctiveness during the preinitialization stage, so LOOP will be iterated 
at least once. And clause (c) implies that the number of iterations of LOOP 
cannot be infinite — in particular, cannot exceed the number of proof formulas. 
This proves clause (d). 

For the remaining two clauses, assume / > 1 is the number of iterations of 
LOOP in B. As E x is a proof formula, it should be derived by one of the three 
rules of CL3'. Among those rules, only Rule A is possible, for otherwise, as 
it is easy to see, we would have a next iteration of LOOP. Thus, clause (e) 
holds. 

For clause (f), we want to show that £ will grant permission infinitely many 
times — in particular, it will do so during the /th iteration of LOOP. By clause 
(e), the /th iteration of LOOP deals with the case of Rule A. What £ does 
during that iteration is that it keeps granting permission until the adversary 
responds by a move. If such a response is never made, permission will be 
granted infinitely many times. Suppose now the adversary makes a move a. a 
cannot be a move that satisfies the conditions of one of the Subcases (i)-(iii), 
for then we would have an (I + l)th iteration of LOOP. Thus, we deal with 
Subcase (iv), in which, again, £ will grant permission infinitely many times. 
□ 

Lemma 9.3.3 £ is fair. 
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Proof. Keeping in mind that e and B are arbitrary (Convention 9.3.1), all 
we need to show is that B is fair, i.e. permission will be granted infinitely 
many times in B. By Lemma 9.3.2(f), if e is F-distinctive, then B is fair. And 
if e is not F-distinctive, then the fairness of B can be directly seen from the 
description of the preinitialization stage. □ 

As mentioned earlier, we are going to use £ as an environment's strategy, so 
that we will be interested in runs cospelled rather than spelled by computation 
branches of £. This means that when analyzing how such runs are generated, 
we should assume that the moves made by £ get the label _L rather than T, 
and the moves made by its adversary get the label T rather than _L. 

For the rest of this section, let us agree on the following: 

Convention 9.3.4 Suppose e is F -distinctive so that, according to Lemma 
9.3.2(d), LOOP makes a finite, nonzero number of iterations in B. Then: 

• I will denote the number of iterations of LOOP in B, so that the /th iteration 
is the last iteration. 

• Ei {where 1 < i < I) will denote the value of record E at the beginning of 
the ith iteration of LOOP in B. 

• fi (where 1 < i < I) will denote the value of record f at the beginning of the 
ith iteration of LOOP in B. 

• Ki (where 1 < % < I) will stand for fiE^. 

• Oj (where 1 < % < I) will stand for the sequence of the moves made by the 
players — in their normal order — by the beginning of the ith iteration of 
LOOP in B, where the moves made by £ are ^-labeled and the moves made 
by its adversary T -labeled. 

Lemma 9.3.5 Suppose e is F -distinctive. Then, for every i with 1 < % < I 
and every interpretation *, we have ©j G Lr^ 1 and (Qi)K^ = K* . 

Proof. Assume e is F-distinctive. We proceed by induction on i. The basis 
case with % = 1 is trivial taking into account that ©i = (). Now consider 
an arbitrary i with 1 < % < I. By the induction hypothesis, 6« G Lr^ 1 and 

(e^Ki = k*. 

Suppose the ith iteration of LOOP in B deals with the case of Rule A. Then 
£ does not make a move during this iteration. Since % is not the last iteration, 
the adversary should make a move a that satisfies the conditions of one of the 
Subcases (i)-(iii), and then we will have Oj+i = (Oj,Ta). Analyzing how Ei 
and fi are updated to Ei + \ and fi + \ in this case, in view of Lemma 7.8(b) it 
is easy to see that then (To) e Lr^ and (Ta)K* = K* +1 , whence, with the 
equalities K* = (Oj)FJ 1 and O i+ i = (Oj, To) in mind, we have O i+ i G Lr^ 1 * 
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and (Q i+1 )K* = K* +1 . 

Suppose now the ith iteration of LOOP deals with the case of one of the Rules 
Bl or B2. Then the adversary does not move during this iteration. £ makes 
a one single move a so that O i+ i = (O i? -La). Again, analyzing what kind of 
a move this a is and how E± and f\ are updated to E i+ i and /j+i, in view 
of Lemma 7.8(a) we can easily see that (-La) G Lr Ki and (J_a)K* = K* +1 , 
whence, with the equalities K* = (Qi)K* and O i+1 = (O i? Ta) in mind, we 
have e i+ i G Lr K *^ and (e i+ i)K* = K* +1 . □ 

Lemma 9.3.6 Suppose e is F- distinctive, and T is the run cospelled by B . 
Then, for any interpretation * with Wnf' () = _L ; we have Wnf (T) = _L. 

Proof. Assume e is F-distinctive, B cospells Y and Wnf'' () = _L. By 
Lemma 9.3.5, Oi G Lr x i* and (Qi)K* = K\ . Since Wnf*() = _L, we then 
have W^'^O = ±, whence Wnf*(0,) = i_, i.e. Wn e ^(6,) = _L, i.e. 
W/ n e i(h E i) 1(@^ — j_. Then, remembering from the description of the initial- 
ization stage that f\ agrees with e on all free variables of F and E 1 = F, 
Lemma 7.7 yields Wn e[F * ] (0i) = _L, i.e. 

Wnf<e,> = ±. (16) 



Back to T. Obviously O; is an initial segment of T. Since E\ is derived by Rule 
A (Lemma 9.3.2(e)), the Zth iteration of LOOP deals with Case of Rule A. So, 
£ does not move during this iteration. If its adversary does not make moves 
either, then <S>i = T and, by (16), Wnf* (r) = _L. Suppose now the adversary 
makes a move a during the Zth iteration, a cannot be a move that satisfies 
the conditions of one of the Subcases (i)-(iii), for otherwise there would be an 
(Z + l)th iteration of LOOP. But if none of those three conditions is satisfied, 
then it can be seen from Lemma 7.8(b) that we must have (Ten) G" Lr Kl . 
Consequently, by Lemma 9.3.5, (Ta) G" Lr {ei)K ? , whence (0 ; ,Ta> G" Lr Xj> , 
whence, in view of Lemmas 7.1 and 7.2, (0j, Ta) ^ Lr F . But (©;, Ta) is an 
initial segment of T, which makes T a T-illegal and hence _L-won run of e[F*]. 
□ 

To proceed with our proof of Proposition 9.3, we need to agree on some ad- 
ditional terminology. In the following convention, when using set-theoretic 
notation such as c G c, we identify a tuple c of constants with the set of the 
constants that appear in c. 

Convention 9.3.7 Suppose a — (a±, . . . , a r ) and b = {pi, . . . ,b r ) are two r- 
tuples of pairwise distinct constants. Let (a[, . . . , a' m ) be the result of deleting 

— * 

in a all constants that are in b. Similarly, let (b[, . . . ,b' m ) be the result of 



52 



deleting in b all constants that are in a. We define the (a, 6)-permutation as 

the function h~ : {constants} — > {constants} such that, for every constant c, 
we have: 

• If c £ (oU b), then hc = c. 

• If c — bi e b (1 < i < r), then he = a«. 

— * 

• If c = a'j £ (a — b) (1 < j < m), then he = b'y 
The following statement is obvious: 

Lemma 9.3.8 For any tuples a = (ai, . . . , a r ) and b = (pi, . . . , b r ) of pairwise 
distinct constants, the (a, b) -permutation is an effective, bijective function from 
{constants} to {constants}. 

For the rest of this section we assume that: 
Assumption 9.3.9 

• Hi , . . . , H k are all the instable proof formulas. 

• G\(x\, . . . ,xlj, . . . , Gk{x\, ...,£*) are the elementarizations of 'Hi, . . . , H k , 
respectively, where, for each 1 < i < k, we assume that x\, . . . ,x l r . are all 
the {pairwise distinct) free variables of Gi(x{, . . . ,x l r .). 

By a A 2 -interpretation we mean an interpretation that interprets each pred- 
icate letter as a (finitary) predicate of complexity A 2 . 

By Godel's completeness theorem for classical predicate calculus — in partic- 
ular, the version of the proof of that theorem as given in Section 72 of [14] - 
for every formula G{w\, . . . ,w r ) of the classical language that is not (classi- 
cally) valid and whose free variables are exactly wi, . . . ,w r , there is a classical 
model with domain {0, 1,2,.. .} and an r-tuple ai, . . . ,a r of pairwise distinct 
objects of the domain such that, in that model, 

• every predicate letter is interpreted as a predicate of complexity A 2 ; 

• G(ai, . . . ,a r ) is false. 

Such a model is nothing but what we would call a perfect (see page 40) A 2 - 
interpretation. Based on the above fact and taking into account that each of 
the Gi(x\, . . . , x l r .) (1 < i < k) is a classically non- valid elementary formula, 
we fix the following perfect A 2 -interpretations and tuples of constants: 

Assumption 9.3.10 For each 1 < % < k, 

• * l is a perfect ^-interpretation and 
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• a 1 — (a\, . . . , a* ) are pairwise distinct constants such that Gi(a\, . . . , a* ) is 
false in *\ 

For each 1 < i < k and each n-ary predicate letter p, let 

A^( Ul ,...,u n ) = p* { 

(of course, it is legitimate to assume that the attached tuple of each p* 1 comes 
from the same pool u\, u-i, ■ ■ ■ of variables). 

Let us fix an effective encoding of tuples of pairwise distinct constants. We 
assume that every such tuple has exactly one code, and vice versa: every 
c G {0, 1, . . .} is the code of exactly one tuple of pairwise distinct constants. 

For each 1 < i < k and each n-ary predicate letter p, we define the predicate 

Bf(u ,U!, ...,u n ) 

by stipulating that, for any Co, . . . , c n , Bf(co, . . . , c n ) is true iff Co is the code 
of an ?vtuple b of pairwise distinct constants and, where h is the (a 1 , b)- 
permutation, A?(hci, . . . , Hc n ) is true. 

Since h is an effective function and the complexity of A\ is A 2 , we obviously 
have: 

Lemma 9.3.11 For any n-ary predicate letter p and any 1 < i < k, the 

complexity of Bf(uo, u±, . . . , u n ) is A 2 . 

Remember that all the free variables of F. We also select and 

fix an arbitrary variable s that does not occur in F. And we fix a constant do 
such that no constant occurring in F is greater than d . 

For each constant c, we define the valuation e c by stipulating that: 

• e c (s) = c; 

• e c (xi) = d + 1; . . . ; e c (x q ) = d + q; 

• for any other variable z, e c (z) = 0. 

Notice that: 
Lemma 9.3.12 

a) For any constant c, e c is an F- distinctive valuation. 

b) The function g defined by g(c,i) = e c (vi) is effective. 

We fix the list Ho, Hi, H 2 , ... of all HPMs arranged according to the lexi- 
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cographic order of their (standardized) descriptions. 

According to Lemma 9.3.3, £ is fair. Hence, for every HPM 7i and valuation 
/, the (£, /, 7i)-branch (see Lemma 3.3) is defined. 

For each constant c, we define: 

• B c as the (£, e c , 7Y c )-branch, 17 and 

• T c as the H c vs £ run on e c , i.e. the run cospelled by B c . 

Note that, by Lemmas 9.3.12(a) and 9.3.2(d), LOOP is iterated a finite, 
nonzero number of times in B c . 

Next, where 1 < i < k, we define the predicate Lasti(x, x') by stipulating that, 
for any constants c, c', 

• Lasti(c, d) is true iff we have: 

• The value of record E in the last iteration of LOOP in B c is Hi, 

— * — * 

■ d is the code of b, where b = bi,...,b n are the constants assigned to 
the variables x\, . . . ,x l r . by the value of record / in the last iteration of 
LOOP in B c . Note that, in view of Lemma 9.3.2(b), bi, . . . , b n are pairwise 
distinct. 

Lemma 9.3.13 For each 1 < i < k, the predicate Lasti(x,x') has complexity 
A 2 . 

Proof. Updates of records E and / generally may take several computation 
steps. Let us call such steps (configurations of £) — together with the steps 
within the preinitialization and initialization stages — transitional, and call all 
other steps non-transitional. Thus, it is the non-transitional configurations in 
which records E and / have definite values, with the former being a proof for- 
mula and the latter being a finite valuation. For each 1 < % < k, let Ki(y, x, x') 
be the predicate such that Ki(n, c, c') is true iff the nth configuration of B c is 
non-transitional, the value of record E in that configuration is Hi, and d is 
the code of b, where b = b\, . . . , b n are the constants assigned to the variables 
x\, . . . , x\. by the value of record / in the nth configuration. In view of Lemmas 
3.3(b) and 9.3.12(b), it is not hard to see that Ki is a decidable predicate. We 
know that the values of records E and / should stabilize at some computation 
step m of B c and never change afterwards. In particular, such an m is the first 
configuration of the last iteration of LOOP in B c . With this fact in mind and 
some little thought, we can find that Last^x, x') = 3z\/y(y > z — > K^y, x, x')) 
and -iLasti(x, x') = 3ztfy(y > z — > ->Ki{y, x, x')). This means that Lasti(x, x') 
has complexity A 2 . □ 



Not to confuse with the predicates Bf. 
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For any n-ary predicate letter p and any 1 < i < k, we now define the predicate 
Cf(s,u 1: . . . ,u n ) by 

Cf(s, Mi, ... , u n ) = 3u (Lasti(s, u ) A Bf(u , u ± , . . . , u n )). 

For each n-ary predicate letter p, we define the predicate D p (ui, . . . , u n ) by 
D p (u 1: . . . ,u n ) = C p (s,u 1: ...,u n ) V... VCf(s,iii,...,u n ). 

(Notice that D p (u 1 , . . . ,u n ) is generally n + 1-ary rather than n-ary with s 
being a hidden variable on which it depends.) 

Lemma 9.3.14 The predicate D p (ui, . . . ,u n ) has complexity A 2 (any n-ary 
predicate letter p) . 

Proof. Disjunction preserves A 2 -complexity. So, in order to show that the 
predicate D p (u\ ) . . . ,u n ) is of complexity A 2 , it would be sufficient to verify 
that each disjunct Cf(s, ui, . . . , u n ) (1 < i < k) of it has complexity A 2 . From 
Lemmas 9.3.11 and 9.3.13, together with the fact that A and 3 preserve £ 2 - 
complexity, it is obvious that Cf(s, u\, . . . , u n ) is of complexity S 2 . Thus, what 
remains to show is that ->Cf (s, u±, . . . , u n ) is also of complexity S 2 . We claim 
that 

-.Cf(s,^i, . . . ,u n ) = 3uo(y{Lastj(s,uo) \ j ^ i, j e {l,...,k}} 
V(Lasti(s, m ) A ->Bf(u , u u . . . , «„))) 



(yS means the V-disj unction of the elements of S, understood as _L when S 
is empty). This claim can be verified based on the meanings of the predicates 
Cf and Lasti, and the observation that, for every (value of) s, there is exactly 
one j G {1, . . . , k} and exactly one (value of) u such that Lastj(s, u ) is true. 
Details of this verification are left to the reader. 

Now, from Lemmas 9.3.11 and 9.3.13, together with the fact that A, V and 3 
preserve S 2 -complexity, (17) allows us to conclude that ->Cf(s, ui, . . . ,u n ) is 
indeed of complexity S 2 . □ 

Now we define the interpretation * by stipulating that, for each n-ary predicate 
letter p, 

p* = D p {u 1 ,. . . ,u n ). 

Lemma 9.3.14 then means that * is a A ^interpretation. The fact that variable 
s does not occur in F guarantees that this interpretation is F-admissible. 
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What remains to show is that no HPM wins F*. We are going to do this by 
proving that each T~L C loses F* against £ on e c . 

Lemma 9.3.15 Assume the following: 

(1) c,c'<E {constants} and i e {1, . . . , k} are such that Lasti(c, d) is true; 

— * 

(2) b = (&!,..., b n ) is the tuple of pairwise distinct constants encoded by d ; 

(3) h is the (a 1 , b) -permutation. 

Then, for any elementary formula J(z±, . . . ,z n ) whose free variables are exactly 
zi, . . . ,z n and any constants c±, . . . , c n , e c [(J(ci, . . . , c n ))*] = (J(hci, . . . , hc n ))* 

Proof. Assume the conditions of the lemma are satisfied, and J(z±, . . . , z n ) 
is an elementary formula whose free variables are exactly z\, . . . , z n . We prove 
the lemma by induction on the complexity of J(zi, . . . , z n ). 

For the basis of induction, we need to consider the case when J(z±, . . . , z n ) 
is atomic. The cases when it is ± or T are trivial, so suppose J(z±, . . . , z n ) 
is a non-logical atom. For simplicity of representation and obviously without 
loss of generality, we may assume that J(z±, . . . , z n ) = p(zi, . . . , z n ), where p 
is an n-ary predicate letter. Then (J(ci, . . . , c n ))* = D p (c\, . . . , c n ). In turn, 
DP( Cl , . . . , c n ) = CI (s, ci, . . . , c n ) V . . . V C p k (s, ci, . . . , c n ). Thus, 

e c [(J(ci, . . . ,c n ))*] = e c [Cf(s,Ci, . . . , c n ) V ... V C p k (s,c 1} . . . ,c n )]. (18) 
We obviously have 

e c [C P (s, Ci, . . . , Cn) V . . . V C£(S, Ci, . . . , Cn)] = 

Cf(c, ci, . . . , c n ) V . . . V C£(c, ci, . . . , c n ). 

According to assumption (1) of the lemma, LasU(c, d) is true. As noted earlier 
in the proof of Lemma 9.3.14, % and d are unique values for which Lasti(c, d) 
is true. Each component Cj(c, Ci, . . . , c n ) in the above disjunction contains 
(under 3u ) the conjunct Lastj(c,u Q ) which is thus false when j ^ i, and 
hence each such disjunct Cj(c, c±, . . . , c n ) can be deleted. So, 

Cf (C, Ci, . . . , Cn) V . . . V C£(C, Ci, . . . , C n ) = Cf (C, Ci, . . . , Cn) = 

3u {Lasti(c, u Q ) A Bf(u Q , Ci, . . . , c n )). 
Since c' is the only constant for which Lasti(c,d) is true, 3u (Lasti(c, u ) A 
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Bf(u , ci, . . . , c n )) can be equivalently rewritten as Bf(d, c±, . . . , c n ). Thus, 
3u (Lasti(c, u ) A Bf(u , ci, . . . , c n )) = fif (c, ci, . . . , c n ). 

In turn, based on assumptions (2) and (3) of the lemma, 
Bf(c', Ci, . . . , Cn) = A^ihcx . . . , kc n ). 



Finally, notice that 

A?(hci hc n ) = (p(hc! hc n )) M = (J(kCi hcn)Y 



(19) 



From the chain of equations from (18) to (19) we get e c [(J(ci, . . . ,c n ))*] = 
(J(hci . . . , hc n ))*\ which completes our proof of the basis case of induction. 

For the inductive step, we will only consider the case when the main operator 
of J(zi, . . . , z n ) is 3. The case with V is similar, and the cases with -i, A, V, — > 
are simpler or straightforward. 

So, assume J(zi, . . . , z n ) = 3z I(z , z\, . . . , z n ). Then ( J (a, . . . , c n ))* = 
(3z I(z ,c u ...,c n ))* = 3z ((I(z ,c u . . . ,c n ))*) and (J(^ci, . . . , hc n )) M = 

(3z I(z , hci, . . . , hc n ))* 1 = 3z ((I(z , hci, . . . , fic n ))* 1 ^ . Thus, we need to show 
that e c 3z (^(I(z , Ci, . . . , c n ))*) = 3zq(^I(zq, hc±, . . . , fic n ))* l ^j . In other words, 
show that e c 3z ((I(z , c\, . . . , c n ))*) is true iff 3,zo((J(3o, ^ Cl ' • • • > ^ c n)) W ) i s 
so. In what follows we implicitly rely on Lemma 7.2. Suppose e c 



■■■,c n ))*) 



lz 



is true. This means that there is a constant cq such that e c [(/(co, ci, 
. . . , c„))*] is true. Then, by the induction hypothesis, (I(hco, hci, . . . , hc n ))* 1 
is true. In turn, this implies that 3z ((I(z , hci, . . . , fi.c n ))* l ^j is true. Now 

suppose 3z ((I(z , hci, . . . , hc n ))* l ^j is true. This means that for some con- 
stant d, (I(d,hc 1 , . . . ,hc n )y i is true. Since h is a bijection (Lemma 9.3.8), 
there is a constant Cq with Ucq = d. Then, by the induction hypothesis, 
e c [(/(c ,ci, . . .,c n ))*\ is true. Consequently, e c 3z ((I(z ,c 1 , . . . ,c n ))*) 



is true. 



□ 



Lemma 9.3.16 H c does not win F* against £ on e c (any constant c). 

Proof. Fix an arbitrary c. In what follows we rely on our Convention 9.3.1 
with e c and B c in the roles of e and B, respectively. That is, in the present 
context e c and B c should be understood as synonyms of to what the earlier 
parts of the present section referred as e and B. The fact that e c is F-distinctive 
(Lemma 9.3.12) allows us to use the notation established in Convention 9.3.4. 
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According to Lemma 9.3.2(d), LOOP is iterated a finite (and nonzero) number 
of times — in particular, I times in B c . Then, by clauses (a) and (e) of Lemma 
9.3.2, Ei is an instable proof formula. Hence E\ = Hi for one (and exactly 
one as we assume that the CL3'-proof of F has no repetitions) of the % with 
1 < % < k. Fix this i. Consider fi — the value of record / at the beginning of 
the last iteration of LOOP in B c . Let b = (pi, . . . , b ri ) be the values returned for 
x±, . . . , x ri by //, and let d be the code of b. So, Lasti(c, d) is true. Let h be the 
(a 1 , 6)-permutation. Thus, the three conditions of Lemma 9.3.15 are satisfied. 
Then, according to that lemma, e c [(Gj(&i, . . . , b ri ))*] = (Gi(hbi, . . . ,hb ri )Y l . 
But remembering the meaning of h, we have hbi — a\, . . . , hb ri = a l r .. Thus, 
e c [(Cj(fei, ...,b ri ))*] has the same truth value as (G,( ))**. According 

to Assumption 9.3.10, the latter is false. Then so is the former, which can be 
expressed by writing 

Wn (G i (bi,-,br i )r q =J __ (20) 

We have E\ = Hi and hence Ki = fiHi. This obviously implies that \\Ki\\ = 
fi\\Hi\\. In turn, by Assumption 9.3.9, = Gi(x\, . . . , x l r ). And we also 

have ftdixl . . . , <) =Gi(b[,..., KJ. Thus, ||^|| = G t (b\, • • • , KJ- By (20), 
we then get Wnjjf iir () = _L. This, by Lemma 7.5, implies WnJ* () = _L. Then, 
by Lemma 9.3.6, we get Wnf (r c ) = _L. Thus T c , which is the Ti. c vs £ run on 
e c , is a lost (by H c ) run of F* with respect to e c , which means that TC C does 
not win F* against £ on e c . □ 

Lemma 9.3.16 essentially completes our proof of Proposition 9.3: that H c does 
not win F* against £ on e c clearly means that it simply does not win F*. But 
every HPM is H c for some c. Hence, no HPM wins F*, and F is not valid. □ 



10 Decidability of the V, 3-free fragment of CL3 

This section is devoted to a proof of Theorem 5.7. Let F be an arbitrary for- 
mula that does not contain blind quantifiers. The decidability of the question 
CL3 h F can be shown by induction on the complexity of F. 

F is provable iff it is derivable from some provable formulas by one of the Rules 
A, Bl, or B2. We define a procedure that tests, as described below, each of 
these three possibilities. If one of those three tests succeeds, the procedure 
returns "yes", otherwise returns "no". 

Testing Rule A: This routine has the following three steps. The whole test 
is considered to have succeeded iff each of those three steps succeed. 
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Step 1: Check whether F is stable, i.e. whether ||F|| is classically valid. Note 
that the latter does not contain any quantifiers. The question of classical 
validity of a quantifier-free formula is, of course, decidable. Thus, this step 
takes only a finite amount of time. If F is stable, the step has succeeded. 
Otherwise it has failed. 

Step 2: For each positive (resp. negative) surface occurrence of a subformula 
G± n . . . n G n (resp. G\ U . . . U G n ) in F and each 1 < i < n, see if H is provable, 
where H the result of replacing in F the above occurrence by Gj. Just like F, 
H does not contain blind quantifiers, and its complexity is lower than that 
of F . Hence, by the induction hypothesis, testing whether CL3 h H takes a 
finite amount of time. Obviously there is only a finite number of such Hs to 
test, so the whole Step 2 takes a finite amount of time. If all of such Hs turn 
out to be provable, then the step has succeeded. Otherwise it has failed. 

Step 3: For each positive (resp. negative) surface occurrence of a subformula 
\~\xG(x) (resp. \-\xG(x)) in F, see if H is provable, where H the result of 
replacing in F the above occurrence by G(y), where y is the smallest (in the 
lexicographic order) variable not occurring in F. As in the previous step, H is 
V, 3-free and its complexity is lower than that of F, whence, by the induction 
hypothesis, testing whether CL3 h H takes a finite amount of time. Also, 
again there is only a finite number of such Hs to test, so the whole Step 3 
takes a finite amount of time. If all of such Hs turn out to be provable, then 
the step has succeeded. Otherwise it has failed. 

Before we describe how the other rules are tested, let us verify that F is 
derivable by Rule A iff each of the above three steps (and hence the whole 
test) succeeds. 

Assume all three steps succeed. Success of Step 1 means that F is stable. 
And success of Steps 2 and 3 obviously means that there is H that satisfies 
conditions (i) and (ii) of Rule A. Hence F is derivable from that H by Rule 
A. 

Now assume one of the three steps fails. We want to show that then one of the 
conditions of Rule A is violated for F as a possible conclusion of that rule. 
Indeed: Failure of Step 1 means that the condition of stability of F is violated. 
Failure of Step 2 obviously means that there is no set H of formulas that would 
satisfy condition (i) of Rule A. Suppose now Step 3 fails. In particular, there is 
a positive (resp. negative) occurrence of a subformula V~\xG(x) (resp. YAxG(x)) 
in F such that CL3 \f H, where H is the result of replacing in F the above 
occurrence by G(y), with y being the smallest variable not occurring in F. Let 
us write H as H(y). In view of Lemma 9.1, for any variable y' not occurring 
in F, we would also have CL3 \f H(y'). This obviously means that no set H 
of formulas satisfies condition (ii) of Rule A. 
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Each of the following two routines takes a finite amount of time for the same 
reasons as the routines of the above- described Steps 2 and 3 did. 

Testing Rule Bl: For each negative (resp. positive) surface occurrence of a 
subformula G± n . . . n G n (resp. Gi U . . . U G n ) in F and each 1 < % < n, see if 
H is provable, where H the result of replacing in F the above occurrence by 
Gi. If one of such Hs turns out to be provable, then the test has succeeded. 
Otherwise it has failed. Clearly F is derivable by Rule Bl iff this test succeeds. 

Testing Rule B2: For each negative (resp. positive) surface occurrence of a 
subformula V~\xG(x) (resp. IAxG(x)) in F, do the following: 

Step 1: See if H is provable, where H the result of replacing in F the above oc- 
currence of V~\xG(x) (resp. YAxG(x)) by G(y), where y is the smallest variable 
not occurring in F. 

Step 2: For each free term t of F such that (if t is a variable) neither the above 
occurrence of \~\xG(x) (resp. \-\xG(x)) in F nor any of the free occurrences 
of x in G(x) are in the scope of Vt or 3t, see if H is provable, where H the 
result of replacing in F the above occurrence of V~\xG(x) (resp. IAxG(x)) by 
G(t). 

If one of the above Hs turns out to be provable, then the test has succeeded. 
Otherwise it has failed. 

With Lemma 9.1 in mind, a little thought can convince us that F is derivable 
by Rule B2 iff this test succeeds. 
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instantiation 7 


valid 26; uniformly valid 30 


interactive algorithm 12 


valuation 6 


interpretation 26 


variable 5,25 


interpretation: admissible 26 


winnable (computable, solvable) 11 
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win: machine game 11,11 

win: machine against machine 13 

Wn 6 



_L as player 6 
_L as game 8 
T as player 6 
T as game 8 

-i when applied to games 15 

-i when applied to players 6 

-i when applied to runs 12 

A 16 

V 16 

-> 16 

V21 

3 21 

n 18 

U 18 
n 18 
U 18 

4 21 

A[xi/ti, . . .,x n /t n ] 14 

F[ti/t[, . . ., t n /t' n ] 25 

A(x u ...,x n ) 15 

F(xi, ...,x n ) 25 

{$)A 22 

e[A}7 

()6 

||F|| 40 
n 15 
* 6 

^ 24 
h 27 



